
Log analysis and evaluation: Windows Firewall blocks incoming connections - detection of TR/Crypt.EPACK.Gen5 and JAVA/Agent.U


12.12.2011, 18:14   #1
Olorin
 



Hello everyone,

some time ago I got messages that the Windows Firewall was blocking incoming connections to certain system programs (among others Explorer). Yesterday I therefore started by scanning my system with Hijackthis (the last time I was active here in the forum, that was still a standard program) and found a suspicious file. A subsequent full scan with Antivir produced several detections, mainly the ones named in the title.

After moving them to quarantine, I searched the board here and skimmed the following threads:

http://www.trojaner-board.de/101674-...en5-virus.html

http://www.trojaner-board.de/90882-j...versch-tr.html

I then ran scans with
- Malwarebytes Anti Malware
- OTL
- hjtscanlist
- ccleaner
- gmer

Unfortunately, I am not familiar with evaluating the logs.
The Windows Firewall messages stopped after the scan with Antivir. Nevertheless, I would be very glad if someone could help me evaluate the various logs (I don't really believe yet that Antivir has solved everything).

Many thanks in advance

Edit: I also have a running Kubuntu installation on the machine, in case it helps with diagnosis / repair.

OTL log: (the remaining logs are attached as a zip)

OTL Logfile:
Code:
OTL logfile created on: 11.12.2011 23:35:47 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Tommy\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 54,28% Memory free
5,38 Gb Paging File | 3,95 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): d:\pagefile.sys 2024 2024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,01 Gb Total Space | 10,79 Gb Free Space | 21,57% Space Free | Partition Type: NTFS
Drive D: | 93,13 Gb Total Space | 19,10 Gb Free Space | 20,51% Space Free | Partition Type: NTFS
 
Computer Name: TMSL | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tommy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Progs\RMClock\RMClock.exe (NGO Science Center "RightMark")
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP2014MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Notepad++\NppShell_01.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gupdate) Google Update Service (gupdate) --  File not found
SRV - (AESTFilters) --  File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (VWL) -- C:\Users\Tommy\AppData\Local\Temp\VWL.exe (Sysinternals - www.sysinternals.com)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (vmserverdWin32) -- C:\Program Files\VMware\VMware Server\vmserverdWin32.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Server\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe (IDT, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vmount2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (NvcRpcServer) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (matlabserver) -- C:\Progs\Matlab\webserver\bin\win32\matlabserver.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HssDrv) -- C:\Windows\System32\drivers\hssdrv.sys (AnchorFree Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Corporate Edition\kerneld.wnt ()
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (UDXTTM6010) -- C:\Windows\System32\drivers\UDXTTM6010.sys ()
DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (vstor2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (Eacfilt) -- C:\Windows\System32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RTCore32) -- C:\Progs\RMClock\RTCore32.sys ()
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.7
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.adminvip.com/"
FF - prefs.js..network.proxy.http: "94.76.239.95"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Progs\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Progs\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.14 10:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.12 07:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.15 07:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Progs\Thunderbird\components [2011.02.17 14:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Progs\Thunderbird\plugins [2011.09.15 07:57:49 | 000,000,000 | ---D | M]
 
[2011.02.17 14:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions
[2011.02.17 14:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.21 20:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions
[2010.04.29 20:02:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.20 20:25:01 | 000,000,000 | ---D | M] (Aero Fox Silver XL) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2010.04.29 20:02:25 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2011.11.21 20:52:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.14 15:29:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.14 15:29:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.12.20 20:25:12 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com
[2010.12.20 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com\chrome
[2010.12.20 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com\defaults
[2010.12.20 20:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2011.05.16 21:22:51 | 000,005,212 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\0w1774ub.default\searchplugins\ecosia.xml
[2011.02.18 23:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.09.24 12:00:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
[2010.04.19 15:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.02.04 09:09:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.18 23:51:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008.06.17 22:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2011.11.14 10:03:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\TOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W1774UB.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI
[2011.10.12 07:51:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.21 16:45:03 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009.09.25 16:01:26 | 000,071,016 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsharedview.dll
[2011.10.12 07:51:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.12 07:51:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.12 07:51:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.12 07:51:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.12 07:51:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.12 07:51:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RMClock] C:\Progs\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark")
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACC3C84-F456-4F14-B5CE-7D7ACF0999E8}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DA2D11-279B-43DE-ACE2-F1D3DD0A5D22}: NameServer = 10.90.24.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: D:\Daten\Apophysis\fairytreeback.jpg
O24 - Desktop BackupWallPaper: D:\Daten\Apophysis\fairytreeback.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.11 22:47:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2011.12.11 21:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.11 21:04:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.30 20:02:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Crayon Physics Deluxe
[2011.11.30 19:58:03 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe
[2011.11.30 19:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crayon Physics Deluxe
[2011.11.30 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\Tommy\.KoalaNext
[2011.11.30 16:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.30 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2011.11.14 10:04:31 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\DDMSettings
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.11 23:36:44 | 000,002,097 | ---- | M] () -- C:\Users\Tommy\Desktop\hjtscanlist.zip
[2011.12.11 22:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2011.12.11 22:43:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.11 22:25:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 22:25:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 21:04:10 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.11 16:32:42 | 000,621,126 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.11 16:32:42 | 000,589,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.11 16:32:42 | 000,123,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.11 16:32:42 | 000,102,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.11 16:26:08 | 000,175,225 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.11 16:26:08 | 000,175,225 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.11 16:25:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.11 16:25:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.11 16:24:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.11 16:09:50 | 000,113,677 | ---- | M] () -- C:\Users\Tommy\Desktop\icufa.7z
[2011.12.11 15:43:35 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.07 17:23:24 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.12.07 17:02:49 | 000,097,128 | ---- | M] () -- C:\Users\Tommy\Desktop\testsofpcGR1.pdf
[2011.11.30 17:34:29 | 000,011,992 | ---- | M] () -- C:\Users\Tommy\Desktop\koala.jnlp
[2011.11.30 17:25:58 | 000,355,517 | ---- | M] () -- C:\Users\Tommy\Desktop\chaplin-dark-energy-stars.pdf
[2011.11.30 16:29:58 | 000,131,729 | ---- | M] () -- C:\Users\Tommy\Desktop\isaacspdf.pdf
[2011.11.21 20:21:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.14 16:13:15 | 000,073,728 | ---- | M] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.11 23:36:44 | 000,002,097 | ---- | C] () -- C:\Users\Tommy\Desktop\hjtscanlist.zip
[2011.12.11 21:04:10 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.11 16:09:50 | 000,113,677 | ---- | C] () -- C:\Users\Tommy\Desktop\icufa.7z
[2011.12.07 17:02:39 | 000,097,128 | ---- | C] () -- C:\Users\Tommy\Desktop\testsofpcGR1.pdf
[2011.11.30 17:46:14 | 000,011,992 | ---- | C] () -- C:\Users\Tommy\Desktop\koala.jnlp
[2011.11.30 17:23:29 | 000,355,517 | ---- | C] () -- C:\Users\Tommy\Desktop\chaplin-dark-energy-stars.pdf
[2011.11.30 16:29:58 | 000,131,729 | ---- | C] () -- C:\Users\Tommy\Desktop\isaacspdf.pdf
[2011.07.05 19:25:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.05.22 10:21:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.01 15:07:09 | 000,000,269 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\rftg
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011.01.22 18:00:29 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2011.01.22 18:00:29 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2011.01.22 18:00:09 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2011.01.22 18:00:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2011.01.22 18:00:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2011.01.22 18:00:09 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010.11.10 10:11:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.11.10 10:11:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.10.17 18:36:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.16 19:27:47 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2010.09.16 19:27:47 | 000,031,744 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2010.09.16 19:27:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2010.02.23 12:07:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.26 08:58:01 | 000,000,078 | ---- | C] () -- C:\Windows\ricdb.ini
[2010.01.20 18:10:59 | 000,007,497 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\gnuplot_history
[2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.30 19:51:32 | 000,596,896 | ---- | C] () -- C:\Windows\System32\drivers\UDXTTM6010.sys
[2009.10.18 18:39:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.09.02 10:47:27 | 000,000,000 | ---- | C] () -- C:\Windows\IMAGETOPDF.INI
[2009.09.02 09:12:05 | 000,139,264 | ---- | C] () -- C:\Windows\gswin32c.exe
[2009.06.08 17:26:48 | 000,000,313 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.06.08 17:04:01 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.06.08 17:04:01 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.27 08:00:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.27 08:00:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.27 07:59:40 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.05.08 22:10:05 | 000,023,888 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\UserTile.png
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.10.30 10:49:34 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
[2008.10.16 17:51:49 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPMLVS.DLL
[2008.10.01 13:05:16 | 000,000,157 | ---- | C] () -- C:\Windows\matlab.ini
[2008.08.07 15:15:24 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2008.07.27 16:43:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.22 07:22:34 | 000,073,728 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.16 19:46:25 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.06.16 18:54:09 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.06.16 18:54:09 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.06.16 18:54:09 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.06.16 18:54:09 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.06.16 18:54:09 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.06.16 18:54:09 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.06.16 18:54:09 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.06.16 18:54:09 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.06.16 18:54:09 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.06.16 18:54:09 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.06.16 18:54:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.06.16 18:54:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.06.16 18:54:09 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.06.16 18:54:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.06.16 18:54:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.06.16 18:54:09 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.06.16 18:54:09 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.06.16 18:54:09 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.06.16 18:54:09 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.06.16 18:40:09 | 000,175,225 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.06.16 18:40:08 | 000,175,225 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.06.07 21:29:31 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008.06.07 20:12:10 | 000,130,155 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\nvModes.001
[2008.06.07 19:58:39 | 000,130,155 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\nvModes.dat
[2008.06.07 17:36:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008.06.07 17:36:07 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008.06.07 17:25:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.06.07 17:15:10 | 000,000,680 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat
[2007.07.25 15:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 16:42:41 | 000,621,126 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:42:41 | 000,123,858 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,317,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,589,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,102,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000073.DLL
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >
         
--- --- ---
Attached files
File type: zip Logs.zip (45.5 KB, viewed 62 times)

Last edited by Olorin (12.12.2011 at 18:18). Reason: may help with the diagnosis / repair

Alt 13.12.2011, 13:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the log files tab ("Logdateien").

Alt 13.12.2011, 22:08   #3
Olorin
 
Hey,

I still have two QuickScan logs. (They are pretty meaningless to me, though.)

Code:
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8352

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11.12.2011 21:10:14
mbam-log-2011-12-11 (21-10-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161179
Laufzeit: 3 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
 Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6610

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

18.05.2011 20:41:56
mbam-log-2011-05-18 (20-41-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146105
Laufzeit: 3 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
I forgot to include HJTScanlist in the first post:

Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

  11.12.2011 19:51     C:\System Volume Information --------- 20480   
  18.10.2011 15:42     C:\ProgramData --------- 12288   
  18.10.2011 15:42     C:\Program Files --------- 24576   
  14.07.2011 21:20     C:\Windows --------- 28672   
  23.03.2011 19:12     C:\Progs --------- 12288   
  14.01.2010 22:17     C:\Hotspot Shield --------- 0   
  18.10.2009 16:11     C:\Dell --------- 0   
  13.06.2009 17:24     C:\pagefile.sys --------- 4069675008   
  29.05.2009 08:49     C:\IO.SYS --------- 0   
  29.05.2009 08:49     C:\MSDOS.SYS --------- 0   
  27.05.2009 08:17     C:\Boot --------- 4096   
  12.04.2009 22:20     C:\.rnd --------- 1024   
  11.04.2009 07:36     C:\bootmgr --------- 333257   
  27.10.2008 18:37     C:\wubildr.mbr --------- 8192   
  27.10.2008 18:37     C:\wubildr --------- 192307   
  02.10.2008 17:43     C:\Application Data --------- 0   
  07.06.2008 18:11     C:\PerfLogs --------- 0   
  07.06.2008 18:05     C:\BOOTSECT.BAK --------- 8192   
  07.06.2008 17:20     C:\Intel --------- 0   
  07.06.2008 17:15     C:\$Recycle.Bin --------- 0   
  07.06.2008 17:15     C:\Users --------- 4096   
  07.06.2008 17:13     C:\Programme --------- 0   
  07.06.2008 17:13     C:\Dokumente und Einstellungen --------- 0   
  02.11.2006 14:02     C:\Documents and Settings --------- 0   
  18.09.2006 22:43     C:\config.sys --------- 10   
  18.09.2006 22:43     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  12.12.2011 17:02     C:\Windows\bootstat.dat --------- 67584   
  11.12.2011 23:41     C:\Windows\bthservsdp.dat --------- 12   
  12.12.2011 17:05     C:\Windows\WindowsUpdate.log --------- 1601077   
  14.11.2011 15:56     C:\Windows\setupact.log --------- 36373   
  18.10.2011 18:29     C:\Windows\PFRO.log --------- 126318   
  26.04.2011 08:57     C:\Windows\DirectX.log --------- 232662   
  26.04.2011 08:57     C:\Windows\DXError.log --------- 810   
  26.04.2011 08:56     C:\Windows\KB893803v2.log --------- 554   
  06.04.2011 07:00     C:\Windows\IE9_main.log --------- 2438   
  22.01.2011 17:39     C:\Windows\BB5E51A397ED16FD.log --------- 48   
  20.03.2010 13:36     C:\Windows\win.ini --------- 191   
  27.01.2010 20:10     C:\Windows\setuperr.log --------- 0   
  26.01.2010 08:58     C:\Windows\ricdb.ini --------- 78   
  25.11.2009 15:04     C:\Windows\msxml4-KB973688-enu.LOG --------- 291736   
  06.11.2009 16:58     C:\Windows\boinc.scr --------- 803584   
  02.09.2009 10:47     C:\Windows\IMAGETOPDF.INI --------- 0   
  10.07.2009 12:10     C:\Windows\WLXPGSS.SCR --------- 307568   
  08.06.2009 17:29     C:\Windows\SIERRA.INI --------- 313   
  29.04.2009 07:56     C:\Windows\ie8_main.log --------- 2084   
  11.04.2009 07:27     C:\Windows\explorer.exe --------- 2926592   
  05.02.2009 06:28     C:\Windows\gswin32c.exe --------- 139264   
  14.11.2008 09:18     C:\Windows\msxml4-KB954430-enu.LOG --------- 281816   
  10.11.2008 23:14     C:\Windows\msxml4-KB936181-enu.LOG --------- 172576   
  16.10.2008 17:52     C:\Windows\DPINST.LOG --------- 18552   
  01.10.2008 13:18     C:\Windows\matlab.ini --------- 157   
  07.08.2008 15:15     C:\Windows\eReg.dat --------- 616   
  12.06.2008 00:07     C:\Windows\msxml4-KB941833-enu.LOG --------- 254788   
  07.06.2008 22:47     C:\Windows\BDPackLog.log --------- 87   
  07.06.2008 22:47     C:\Windows\MDLog.log --------- 157   
  07.06.2008 21:29     C:\Windows\oodcnt.INI --------- 0   
  07.06.2008 19:22     C:\Windows\ydi.log --------- 112924   
  07.06.2008 18:16     C:\Windows\WindowsShell.Manifest --------- 749   
  07.06.2008 18:15     C:\Windows\DtcInstall.log --------- 2257   
  07.06.2008 17:59     C:\Windows\SPInstall.etl --------- 196608   
  07.06.2008 17:36     C:\Windows\bcmwl.log --------- 15170   
  07.06.2008 17:09     C:\Windows\TSSysprep.log --------- 1313   
  06.06.2008 13:54     C:\Windows\UNRecode.exe --------- 972072   
  18.01.2008 22:33     C:\Windows\regedit.exe --------- 134656   
  18.01.2008 22:33     C:\Windows\notepad.exe --------- 151040   
  18.01.2008 22:33     C:\Windows\HelpPane.exe --------- 498176   
  18.01.2008 22:33     C:\Windows\fveupdate.exe --------- 13312   
  18.01.2008 22:33     C:\Windows\bfsvc.exe --------- 58880   
  22.02.2007 03:06     C:\Windows\DELL_VERSION --------- 32   
  02.11.2006 13:36     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 13:35     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 13:35     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 13:35     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 13:35     C:\Windows\twain.dll --------- 94784   
  02.11.2006 10:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 10:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 08:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 12:41     C:\Windows\Business.xml --------- 4261   
  18.09.2006 22:46     C:\Windows\system.ini --------- 219   
  18.09.2006 22:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 22:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 22:30     C:\Windows\msdfmap.ini --------- 1405   
  30.08.2005 20:36     C:\Windows\UNRecode.cfg --------- 50   
  17.03.2002 01:00     C:\Windows\UA000073.DLL --------- 7420   
  29.10.1998 15:45     C:\Windows\IsUninst.exe --------- 306688   
  21.10.1998 17:43     C:\Windows\IsUn0407.exe --------- 328704   
  01.10.1998 16:22     C:\Windows\uninst.exe --------- 299520   
----------------------------------------

 
C:\Windows\System

 02.11.2006 13:35      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 13:35      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 13:35      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 13:35      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 13:35      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 13:35      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 12.12.2011 17:02     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3648  
 12.12.2011 17:02     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3648  
 11.12.2011 23:34     C:\Windows\system32\drivers --------- 65536  
 11.12.2011 16:32     C:\Windows\system32\perfh009.dat --------- 589862  
 11.12.2011 16:32     C:\Windows\system32\perfc009.dat --------- 102460  
 11.12.2011 16:32     C:\Windows\system32\perfc007.dat --------- 123858  
 11.12.2011 16:32     C:\Windows\system32\perfh007.dat --------- 621126  
 11.12.2011 16:32     C:\Windows\system32\PerfStringBackup.INI --------- 1426730  
 07.12.2011 17:23     C:\Windows\system32\MpSigStub.exe --------- 222080  
 30.11.2011 16:44     C:\Windows\system32\Tasks --------- 12288  
 21.11.2011 20:21     C:\Windows\system32\FlashPlayerCPLApp.cpl --------- 414368  
 14.11.2011 15:25     C:\Windows\system32\catroot2 --------- 12288  
 12.11.2011 21:18     C:\Windows\system32\catroot --------- 4096  
 08.11.2011 22:11     C:\Windows\system32\mrt.exe --------- 50295240  
 21.10.2011 00:26     C:\Windows\system32\dpl100.dll --------- 94208  
 13.10.2011 07:18     C:\Windows\system32\FNTCACHE.DAT --------- 317984  
 12.10.2011 20:49     C:\Windows\system32\migration --------- 0  
 12.10.2011 20:49     C:\Windows\system32\de-DE --------- 204800  
 12.10.2011 16:12     C:\Windows\system32\directx --------- 0  
 01.10.2011 00:06     C:\Windows\system32\wininet.dll --------- 916480  
 01.10.2011 00:06     C:\Windows\system32\urlmon.dll --------- 1212416  
 01.10.2011 00:06     C:\Windows\system32\url.dll --------- 105984  
 01.10.2011 00:04     C:\Windows\system32\occache.dll --------- 206848  
 01.10.2011 00:03     C:\Windows\system32\mstime.dll --------- 611840  
 01.10.2011 00:02     C:\Windows\system32\mshtml.dll --------- 5971456  
 01.10.2011 00:02     C:\Windows\system32\mshtmled.dll --------- 66560  
 01.10.2011 00:02     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 01.10.2011 00:02     C:\Windows\system32\msfeeds.dll --------- 602112  
 01.10.2011 00:02     C:\Windows\system32\licmgr10.dll --------- 43520  
 01.10.2011 00:01     C:\Windows\system32\jsproxy.dll --------- 25600  
 01.10.2011 00:01     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 01.10.2011 00:01     C:\Windows\system32\ieui.dll --------- 164352  
 01.10.2011 00:01     C:\Windows\system32\iesysprep.dll --------- 109056  
 01.10.2011 00:01     C:\Windows\system32\iertutil.dll --------- 2000384  
 01.10.2011 00:01     C:\Windows\system32\iesetup.dll --------- 71680  
 01.10.2011 00:01     C:\Windows\system32\iernonce.dll --------- 55808  
 01.10.2011 00:01     C:\Windows\system32\iepeers.dll --------- 184320  
 01.10.2011 00:01     C:\Windows\system32\ieframe.dll --------- 11081728  
 01.10.2011 00:01     C:\Windows\system32\iedkcs32.dll --------- 387584  
 30.09.2011 23:07     C:\Windows\system32\html.iec --------- 385024  
 30.09.2011 22:29     C:\Windows\system32\ieUnatt.exe --------- 133632  
 30.09.2011 22:29     C:\Windows\system32\ie4uinit.exe --------- 174080  
 30.09.2011 22:29     C:\Windows\system32\msfeedssync.exe --------- 13312  
 30.09.2011 22:28     C:\Windows\system32\mshtml.tlb --------- 1638912  
 06.09.2011 14:30     C:\Windows\system32\win32k.sys --------- 2043392  
 25.08.2011 17:15     C:\Windows\system32\UIAutomationCore.dll --------- 555520  
 25.08.2011 17:14     C:\Windows\system32\oleaut32.dll --------- 563712  
 25.08.2011 17:14     C:\Windows\system32\oleacc.dll --------- 238080  
 25.08.2011 14:31     C:\Windows\system32\oleaccrc.dll --------- 4096  
 29.07.2011 17:01     C:\Windows\system32\psisdecd.dll --------- 293376  
 29.07.2011 17:01     C:\Windows\system32\psisrndr.ax --------- 217088  
 29.07.2011 17:00     C:\Windows\system32\MSDvbNP.ax --------- 57856  
 29.07.2011 17:00     C:\Windows\system32\Mpeg2Data.ax --------- 69632  
 15.07.2011 14:13     C:\Windows\system32\maestro-server.log --------- 40  
 11.07.2011 14:25     C:\Windows\system32\tzres.dll --------- 2048  
 05.07.2011 19:25     C:\Windows\system32\cd.dat --------- 0  
 03.07.2011 22:16     C:\Windows\system32\wbem --------- 61440  
 03.07.2011 22:15     C:\Windows\system32\pt-BR --------- 0  
 03.07.2011 22:15     C:\Windows\system32\bg-BG --------- 0  
 03.07.2011 22:15     C:\Windows\system32\it-IT --------- 0  
 03.07.2011 22:15     C:\Windows\system32\he-IL --------- 0  
 03.07.2011 22:15     C:\Windows\system32\pt-PT --------- 0  
 03.07.2011 22:15     C:\Windows\system32\pl-PL --------- 0  
 03.07.2011 22:15     C:\Windows\system32\uk-UA --------- 0  
 03.07.2011 22:15     C:\Windows\system32\ko-KR --------- 0  
 03.07.2011 22:15     C:\Windows\system32\hu-HU --------- 0  
 03.07.2011 22:15     C:\Windows\system32\hr-HR --------- 0  
 03.07.2011 22:15     C:\Windows\system32\sl-SI --------- 0  
 03.07.2011 22:15     C:\Windows\system32\zh-HK --------- 0  
 03.07.2011 22:15     C:\Windows\system32\el-GR --------- 0  
 03.07.2011 22:15     C:\Windows\system32\nl-NL --------- 0  
 03.07.2011 22:15     C:\Windows\system32\fr-FR --------- 0  
 03.07.2011 22:15     C:\Windows\system32\fi-FI --------- 0  
 03.07.2011 22:15     C:\Windows\system32\sr-Latn-CS --------- 0  
 03.07.2011 22:15     C:\Windows\system32\tr-TR --------- 0  
 03.07.2011 22:15     C:\Windows\system32\th-TH --------- 0  
 03.07.2011 22:15     C:\Windows\system32\sv-SE --------- 0  
 03.07.2011 22:15     C:\Windows\system32\es-ES --------- 0  
 03.07.2011 22:15     C:\Windows\system32\lv-LV --------- 0  
 03.07.2011 22:15     C:\Windows\system32\lt-LT --------- 0  
 03.07.2011 22:15     C:\Windows\system32\zh-TW --------- 0  
 03.07.2011 22:15     C:\Windows\system32\sk-SK --------- 0  
 03.07.2011 22:15     C:\Windows\system32\et-EE --------- 0  
 03.07.2011 22:15     C:\Windows\system32\cs-CZ --------- 0  
 03.07.2011 22:15     C:\Windows\system32\zh-CN --------- 0  
 03.07.2011 22:15     C:\Windows\system32\ja-JP --------- 0  
 03.07.2011 22:15     C:\Windows\system32\ar-SA --------- 0  
 03.07.2011 22:15     C:\Windows\system32\ro-RO --------- 0  
 03.07.2011 22:15     C:\Windows\system32\ru-RU --------- 0  
 03.07.2011 22:15     C:\Windows\system32\nb-NO --------- 0  
 03.07.2011 22:15     C:\Windows\system32\da-DK --------- 0  
 03.07.2011 22:15     C:\Windows\system32\en-US --------- 8192  
 20.06.2011 09:54     C:\Windows\system32\ntkrnlpa.exe --------- 3602832  
 20.06.2011 09:54     C:\Windows\system32\ntoskrnl.exe --------- 3550096  
 17.06.2011 17:03     C:\Windows\system32\winsrv.dll --------- 375808  
 11.06.2011 00:58     C:\Windows\system32\mfcm100u.dll --------- 81744  
 11.06.2011 00:58     C:\Windows\system32\vcomp100.dll --------- 51024  
 11.06.2011 00:58     C:\Windows\system32\mfc100deu.dll --------- 64336  
 11.06.2011 00:58     C:\Windows\system32\mfc100cht.dll --------- 36176  
 11.06.2011 00:58     C:\Windows\system32\msvcr100.dll --------- 773968  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 12.12.2011 17:02     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1090  
 12.12.2011 17:02     C:\Windows\Tasks\SA.DAT --------- 6  
 11.12.2011 23:41     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32510  
 11.12.2011 22:43     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1094  
----------------------------------------

 
C:\Windows\Temp

 11.12.2011 15:54     C:\Windows\Temp\MpSigStub.log --------- 715158  
 11.12.2011 15:54     C:\Windows\Temp\11BBA8FFCBA786A43AC72355BA7713D4-Sigs --------- 0  
 18.10.2011 16:29     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20111018_172921250.html --------- 78986  
 18.10.2011 16:29     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20111018_172921250-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-MSP0.txt --------- 396772  
 18.10.2011 16:29     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219 --------- 0  
 18.10.2011 15:43     C:\Windows\Temp\AVSETUP_4e9d9023 --------- 0  
 16.10.2011 20:48     C:\Windows\Temp\AskSLib.dll --------- 246440  
 08.09.2011 18:00     C:\Windows\Temp\vminst.log --------- 2156651  
 15.06.2011 15:16     C:\Windows\Temp\dd_vcredistUI641B.txt --------- 14232  
 15.06.2011 15:16     C:\Windows\Temp\dd_vcredistMSI641B.txt --------- 467470  
 21.05.2011 09:31     C:\Windows\Temp\FOR95D1.tmp --------- 1409  
 21.05.2011 09:31     C:\Windows\Temp\TTR95D0.tmp --------- 24292  
 21.05.2011 09:31     C:\Windows\Temp\FOR94F2.tmp --------- 1409  
 21.05.2011 09:31     C:\Windows\Temp\FOR9504.tmp --------- 1409  
 21.05.2011 09:31     C:\Windows\Temp\TTR9503.tmp --------- 19492  
 21.05.2011 09:31     C:\Windows\Temp\TTR94F1.tmp --------- 38860  
 21.05.2011 09:31     C:\Windows\Temp\FOR94D1.tmp --------- 1409  
 21.05.2011 09:31     C:\Windows\Temp\TTR94D0.tmp --------- 38136  
 16.05.2011 07:15     C:\Windows\Temp\TTR1E8D.tmp --------- 45128  
 16.05.2011 07:15     C:\Windows\Temp\FOR1E8E.tmp --------- 1409  
 16.05.2011 07:10     C:\Windows\Temp\FOR45E9.tmp --------- 1409  
 16.05.2011 07:10     C:\Windows\Temp\TTR45E8.tmp --------- 45128  
 16.05.2011 07:10     C:\Windows\Temp\FOR45E7.tmp --------- 1409  
 16.05.2011 07:10     C:\Windows\Temp\TTR45E6.tmp --------- 44268  
 29.04.2011 06:38     C:\Windows\Temp\FORB636.tmp --------- 1409  
 29.04.2011 06:38     C:\Windows\Temp\TTRB635.tmp --------- 45128  
 16.04.2011 11:20     C:\Windows\Temp\FOR8D88.tmp --------- 1409  
 16.04.2011 11:20     C:\Windows\Temp\TTR8D87.tmp --------- 44268  
 16.04.2011 11:20     C:\Windows\Temp\FOR8D86.tmp --------- 1409  
 16.04.2011 11:20     C:\Windows\Temp\TTR8D85.tmp --------- 45128  
 16.04.2011 11:19     C:\Windows\Temp\FORA048.tmp --------- 1409  
 16.04.2011 11:19     C:\Windows\Temp\TTRA047.tmp --------- 41004  
 16.04.2011 11:19     C:\Windows\Temp\FORA037.tmp --------- 1409  
 16.04.2011 11:19     C:\Windows\Temp\TTRA036.tmp --------- 39800  
 15.04.2011 21:23     C:\Windows\Temp\hss_update.exe --------- 3461104  
 13.04.2011 15:02     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20110413_160213904.html --------- 94562  
 13.04.2011 15:02     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20110413_160213904-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319-MSP0.txt --------- 305472  
 13.04.2011 15:02     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20110413_160213904-MSI_vc_red.msi.txt --------- 380902  
 13.04.2011 15:02     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.30319 --------- 0  
 13.04.2011 15:01     C:\Windows\Temp\dd_vcredistUI1EC8.txt --------- 11688  
 13.04.2011 15:01     C:\Windows\Temp\dd_vcredistMSI1EC8.txt --------- 466388  
 13.01.2011 17:20     C:\Windows\Temp\FOR4EE6.tmp --------- 1409  
 13.01.2011 17:20     C:\Windows\Temp\TTR4EE5.tmp --------- 22220  
 13.01.2011 17:20     C:\Windows\Temp\FOR4ED4.tmp --------- 1409  
 13.01.2011 17:20     C:\Windows\Temp\TTR4ED3.tmp --------- 19552  
 01.10.2010 09:42     C:\Windows\Temp\Microsoft .NET Framework 3.5-KB2416473_20101001_084212083.html --------- 86648  
 01.10.2010 09:42     C:\Windows\Temp\Microsoft .NET Framework 3.5-KB2416473_20101001_084212083-Msi0.txt --------- 957962  
 01.10.2010 09:42     C:\Windows\Temp\dd_clwireg.txt --------- 4150  
 30.09.2010 16:41     C:\Windows\Temp\is7040.tmp --------- 0  
 30.09.2010 16:40     C:\Windows\Temp\isC8E.tmp --------- 0  
 30.09.2010 16:40     C:\Windows\Temp\._msige52 --------- 0  
 21.08.2010 08:21     C:\Windows\Temp\TTR61BE.tmp --------- 4464  
 21.08.2010 08:21     C:\Windows\Temp\FOR61BD.tmp --------- 1409  
 21.08.2010 08:21     C:\Windows\Temp\FOR61BF.tmp --------- 1409  
 21.08.2010 08:21     C:\Windows\Temp\TTR61AC.tmp --------- 4844  
 21.08.2010 08:21     C:\Windows\Temp\FOR6035.tmp --------- 1409  
 21.08.2010 08:21     C:\Windows\Temp\TTR6034.tmp --------- 14088  
 21.08.2010 08:21     C:\Windows\Temp\FOR6033.tmp --------- 1409  
 21.08.2010 08:21     C:\Windows\Temp\TTR6032.tmp --------- 4716  
 21.08.2010 08:21     C:\Windows\Temp\FOR6021.tmp --------- 1409  
 21.08.2010 08:21     C:\Windows\Temp\TTR6020.tmp --------- 7300  
 21.08.2010 08:21     C:\Windows\Temp\FOR601F.tmp --------- 1409  
 21.08.2010 08:21     C:\Windows\Temp\TTR601E.tmp --------- 4308  
 21.08.2010 08:21     C:\Windows\Temp\FOR601D.tmp --------- 1409  
 21.08.2010 08:21     C:\Windows\Temp\TTR601C.tmp --------- 5488  
 21.08.2010 08:21     C:\Windows\Temp\FOR600B.tmp --------- 1409  
 21.08.2010 08:21     C:\Windows\Temp\TTR600A.tmp --------- 20744  
 15.08.2010 13:22     C:\Windows\Temp\FOR9B7C.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR9B7B.tmp --------- 4632  
 15.08.2010 13:22     C:\Windows\Temp\FOR9B7A.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR9B79.tmp --------- 4760  
 15.08.2010 13:22     C:\Windows\Temp\FOR99A4.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR99A3.tmp --------- 4848  
 15.08.2010 13:22     C:\Windows\Temp\FOR99A2.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR99A1.tmp --------- 5556  
 15.08.2010 13:22     C:\Windows\Temp\FOR98E5.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR98E4.tmp --------- 4664  
 15.08.2010 13:22     C:\Windows\Temp\FOR98E3.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR98E2.tmp --------- 8292  
 15.08.2010 13:22     C:\Windows\Temp\FOR98D2.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR98D1.tmp --------- 6440  
 15.08.2010 13:22     C:\Windows\Temp\FOR98A1.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR98A0.tmp --------- 7380  
 15.08.2010 13:22     C:\Windows\Temp\FOR989F.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR988E.tmp --------- 7840  
 15.08.2010 13:22     C:\Windows\Temp\FOR988D.tmp --------- 1409  
 15.08.2010 13:22     C:\Windows\Temp\TTR988C.tmp --------- 10624  
 11.08.2010 14:42     C:\Windows\Temp\MSIfe993.LOG --------- 164876  
 20.07.2010 12:34     C:\Windows\Temp\FOR399F.tmp --------- 1409  
 20.07.2010 12:34     C:\Windows\Temp\TTR399E.tmp --------- 29108  
 20.07.2010 12:34     C:\Windows\Temp\FOR398D.tmp --------- 1409  
 20.07.2010 12:34     C:\Windows\Temp\TTR398C.tmp --------- 27488  
 20.07.2010 12:34     C:\Windows\Temp\FOR396C.tmp --------- 1409  
 20.07.2010 12:34     C:\Windows\Temp\TTR396B.tmp --------- 40028  
 03.07.2010 08:19     C:\Windows\Temp\FORABEC.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\TTRABEB.tmp --------- 7036  
 03.07.2010 08:19     C:\Windows\Temp\FORAA83.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\FORAA71.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\TTRAA82.tmp --------- 20428  
 03.07.2010 08:19     C:\Windows\Temp\FORAA60.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\TTRAA70.tmp --------- 16540  
 03.07.2010 08:19     C:\Windows\Temp\TTRAA5F.tmp --------- 8460  
 03.07.2010 08:19     C:\Windows\Temp\FORAA1F.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\TTRAA0F.tmp --------- 4500  
 03.07.2010 08:19     C:\Windows\Temp\FORA9EF.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\TTRA9EE.tmp --------- 20888  
 03.07.2010 08:19     C:\Windows\Temp\FORA9CD.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\TTRA9CC.tmp --------- 7668  
 03.07.2010 08:19     C:\Windows\Temp\TTRA9CA.tmp --------- 25232  
 03.07.2010 08:19     C:\Windows\Temp\FORA9BA.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\FORA9CB.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\TTRA9B9.tmp --------- 12712  
 03.07.2010 08:19     C:\Windows\Temp\FORA989.tmp --------- 1409  
 03.07.2010 08:19     C:\Windows\Temp\TTRA988.tmp --------- 10500  
 24.06.2010 09:54     C:\Windows\Temp\FORAF15.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAF06.tmp --------- 4588  
 24.06.2010 09:54     C:\Windows\Temp\FORAE87.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAE86.tmp --------- 5644  
 24.06.2010 09:54     C:\Windows\Temp\FORAE56.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\FORAE45.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAE55.tmp --------- 14080  
 24.06.2010 09:54     C:\Windows\Temp\TTRAE44.tmp --------- 9676  
 24.06.2010 09:54     C:\Windows\Temp\TTRAE42.tmp --------- 6780  
 24.06.2010 09:54     C:\Windows\Temp\FORAE43.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\FORAE10.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAE11.tmp --------- 4832  
 24.06.2010 09:54     C:\Windows\Temp\FORAE12.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAE0F.tmp --------- 5528  
 24.06.2010 09:54     C:\Windows\Temp\FORAB21.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAB20.tmp --------- 4912  
 24.06.2010 09:54     C:\Windows\Temp\TTRAB0E.tmp --------- 12280  
 24.06.2010 09:54     C:\Windows\Temp\FORAB0F.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\FORAAA0.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAA81.tmp --------- 6120  
 24.06.2010 09:54     C:\Windows\Temp\FORAA7D.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\FORAA6B.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAA7E.tmp --------- 13840  
 24.06.2010 09:54     C:\Windows\Temp\TTRAA6A.tmp --------- 7116  
 24.06.2010 09:54     C:\Windows\Temp\TTRAA7C.tmp --------- 8536  
 24.06.2010 09:54     C:\Windows\Temp\FORAA7F.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\FORAA4A.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\FORAA39.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAA49.tmp --------- 5212  
 24.06.2010 09:54     C:\Windows\Temp\TTRA90B.tmp --------- 8892  
 24.06.2010 09:54     C:\Windows\Temp\FORA90C.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\FORAA37.tmp --------- 1409  
 24.06.2010 09:54     C:\Windows\Temp\TTRAA38.tmp --------- 4268  
 24.06.2010 09:54     C:\Windows\Temp\TTRAA36.tmp --------- 5528  
 14.06.2010 23:10     C:\Windows\Temp\dmy7916.tmp --------- 0  
 05.06.2010 08:30     C:\Windows\Temp\Cookies --------- 0  
 03.06.2010 10:53     C:\Windows\Temp\FOR684D.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR684C.tmp --------- 10656  
 03.06.2010 10:53     C:\Windows\Temp\FOR683B.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR683A.tmp --------- 10656  
 03.06.2010 10:53     C:\Windows\Temp\FOR6829.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR6828.tmp --------- 15232  
 03.06.2010 10:53     C:\Windows\Temp\FOR6827.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR6826.tmp --------- 14092  
 03.06.2010 10:53     C:\Windows\Temp\FOR66CE.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR66CD.tmp --------- 14092  
 03.06.2010 10:53     C:\Windows\Temp\FOR66BD.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR66BC.tmp --------- 18748  
 03.06.2010 10:53     C:\Windows\Temp\FOR66BB.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR66BA.tmp --------- 14092  
 03.06.2010 10:53     C:\Windows\Temp\FOR66A9.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR66A8.tmp --------- 15232  
 03.06.2010 10:53     C:\Windows\Temp\FOR6688.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR6687.tmp --------- 14092  
 03.06.2010 10:53     C:\Windows\Temp\FOR6686.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR6685.tmp --------- 15232  
 03.06.2010 10:53     C:\Windows\Temp\FOR64DF.tmp --------- 1409  
 03.06.2010 10:53     C:\Windows\Temp\TTR64DE.tmp --------- 39788  
 28.05.2010 09:21     C:\Windows\Temp\MSIf977e.LOG --------- 178866  
 25.05.2010 10:24     C:\Windows\Temp\FORC50E.tmp --------- 1409  
 25.05.2010 10:24     C:\Windows\Temp\TTRC50D.tmp --------- 8280  
 25.05.2010 10:24     C:\Windows\Temp\FORC50C.tmp --------- 1409  
 25.05.2010 10:24     C:\Windows\Temp\TTRC50B.tmp --------- 4648  
 25.05.2010 10:24     C:\Windows\Temp\FORC48D.tmp --------- 1409  
 25.05.2010 10:24     C:\Windows\Temp\TTRC48C.tmp --------- 12176  
 25.05.2010 10:24     C:\Windows\Temp\FORC44D.tmp --------- 1409  
 25.05.2010 10:24     C:\Windows\Temp\TTRC44C.tmp --------- 6824  
 21.05.2010 07:36     C:\Windows\Temp\isCBB8.tmp --------- 0  
 21.05.2010 07:35     C:\Windows\Temp\is539B.tmp --------- 0  
 29.04.2010 11:04     C:\Windows\Temp\FORF3E0.tmp --------- 1409  
 29.04.2010 11:04     C:\Windows\Temp\TTRF3DF.tmp --------- 4312  
 29.04.2010 11:04     C:\Windows\Temp\FORF3CE.tmp --------- 1409  
 29.04.2010 11:04     C:\Windows\Temp\TTRF3CD.tmp --------- 5140  
 29.04.2010 11:04     C:\Windows\Temp\FORF3BD.tmp --------- 1409  
 29.04.2010 11:04     C:\Windows\Temp\TTRF3BC.tmp --------- 4336  
 29.04.2010 11:04     C:\Windows\Temp\FORF35D.tmp --------- 1409  
 29.04.2010 11:04     C:\Windows\Temp\TTRF35C.tmp --------- 6008  
 29.04.2010 11:04     C:\Windows\Temp\FORF34B.tmp --------- 1409  
 29.04.2010 11:04     C:\Windows\Temp\TTRF34A.tmp --------- 6780  
 29.04.2010 11:04     C:\Windows\Temp\FORF25F.tmp --------- 1409  
 29.04.2010 11:04     C:\Windows\Temp\TTRF25E.tmp --------- 4504  
 29.04.2010 11:04     C:\Windows\Temp\FORF20F.tmp --------- 1409  
 29.04.2010 11:04     C:\Windows\Temp\TTRF20E.tmp --------- 8620  
 29.04.2010 11:04     C:\Windows\Temp\FORF1BF.tmp --------- 1409  
 29.04.2010 11:04     C:\Windows\Temp\TTRF1BE.tmp --------- 6296  
 26.04.2010 18:51     C:\Windows\Temp\FORAF18.tmp --------- 1409  
 26.04.2010 18:51     C:\Windows\Temp\TTRAF17.tmp --------- 44268  
 26.04.2010 18:51     C:\Windows\Temp\FORAF06.tmp --------- 1409  
 26.04.2010 18:51     C:\Windows\Temp\TTRAF05.tmp --------- 45128  
 12.03.2010 10:48     C:\Windows\Temp\FOR88A5.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR88A4.tmp --------- 4776  
 12.03.2010 10:48     C:\Windows\Temp\FOR8894.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR8893.tmp --------- 4928  
 12.03.2010 10:48     C:\Windows\Temp\FOR8882.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR8881.tmp --------- 4656  
 12.03.2010 10:48     C:\Windows\Temp\FOR8880.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR887F.tmp --------- 7676  
 12.03.2010 10:48     C:\Windows\Temp\FOR8775.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR8774.tmp --------- 4640  
 12.03.2010 10:48     C:\Windows\Temp\FOR8763.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR8762.tmp --------- 5684  
 12.03.2010 10:48     C:\Windows\Temp\FOR8752.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR8751.tmp --------- 7744  
 12.03.2010 10:48     C:\Windows\Temp\FOR8750.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR874F.tmp --------- 6276  
 12.03.2010 10:48     C:\Windows\Temp\FOR873E.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR873D.tmp --------- 12324  
 12.03.2010 10:48     C:\Windows\Temp\FOR872D.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR872C.tmp --------- 21984  
 12.03.2010 10:48     C:\Windows\Temp\FOR871B.tmp --------- 1409  
 12.03.2010 10:48     C:\Windows\Temp\TTR871A.tmp --------- 14448  
 28.02.2010 17:52     C:\Windows\Temp\TTR8428.tmp --------- 4776  
 28.02.2010 17:52     C:\Windows\Temp\FOR843B.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR843A.tmp --------- 4772  
 28.02.2010 17:52     C:\Windows\Temp\FOR8439.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\FOR8263.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR8240.tmp --------- 4668  
 28.02.2010 17:52     C:\Windows\Temp\FOR8261.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR8262.tmp --------- 4760  
 28.02.2010 17:52     C:\Windows\Temp\FOR81A3.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR81A2.tmp --------- 5600  
 28.02.2010 17:52     C:\Windows\Temp\FOR7FED.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR7FDC.tmp --------- 4952  
 28.02.2010 17:52     C:\Windows\Temp\FOR7FDB.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR7FDA.tmp --------- 4676  
 28.02.2010 17:52     C:\Windows\Temp\FOR7E24.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR7E14.tmp --------- 4724  
 28.02.2010 17:52     C:\Windows\Temp\FOR7DC5.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\FOR7DB3.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR7DC4.tmp --------- 7340  
 28.02.2010 17:52     C:\Windows\Temp\TTR7DB2.tmp --------- 6676  
 28.02.2010 17:52     C:\Windows\Temp\FOR7DA1.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\FOR7D90.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR7DA0.tmp --------- 17144  
 28.02.2010 17:52     C:\Windows\Temp\TTR7D8F.tmp --------- 5012  
 28.02.2010 17:52     C:\Windows\Temp\TTR7D8D.tmp --------- 10896  
 28.02.2010 17:52     C:\Windows\Temp\FOR7D7C.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\FOR7D8E.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR7D6C.tmp --------- 9588  
 28.02.2010 17:52     C:\Windows\Temp\FOR7D4B.tmp --------- 1409  
 28.02.2010 17:52     C:\Windows\Temp\TTR7D1C.tmp --------- 18304  
 27.02.2010 18:57     C:\Windows\Temp\TTRAC2F.tmp --------- 4360  
 27.02.2010 18:57     C:\Windows\Temp\FORAC1E.tmp --------- 1409  
 27.02.2010 18:57     C:\Windows\Temp\FORAC30.tmp --------- 1409  
 27.02.2010 18:57     C:\Windows\Temp\FORAC0D.tmp --------- 1409  
 27.02.2010 18:57     C:\Windows\Temp\TTRAC1D.tmp --------- 4696  
 27.02.2010 18:57     C:\Windows\Temp\TTRAC0C.tmp --------- 17144  
 27.02.2010 18:57     C:\Windows\Temp\FORABEB.tmp --------- 1409  
 27.02.2010 18:57     C:\Windows\Temp\TTRABDB.tmp --------- 5012  
 27.02.2010 18:57     C:\Windows\Temp\FORABCA.tmp --------- 1409  
 27.02.2010 18:57     C:\Windows\Temp\TTRABBA.tmp --------- 18304  
 31.01.2010 18:49     C:\Windows\Temp\History --------- 0  
 26.01.2010 08:57     C:\Windows\Temp\__SKIP_734 --------- 0  
 26.01.2010 08:47     C:\Windows\Temp\FORE716.tmp --------- 1409  
 26.01.2010 08:47     C:\Windows\Temp\TTRE715.tmp --------- 4356  
 26.01.2010 08:47     C:\Windows\Temp\FORE659.tmp --------- 1409  
 26.01.2010 08:47     C:\Windows\Temp\TTRE658.tmp --------- 4516  
 26.01.2010 08:47     C:\Windows\Temp\FORE647.tmp --------- 1409  
 26.01.2010 08:47     C:\Windows\Temp\TTRE646.tmp --------- 7516  
 26.01.2010 08:47     C:\Windows\Temp\FORE645.tmp --------- 1409  
 26.01.2010 08:47     C:\Windows\Temp\TTRE644.tmp --------- 8516  
 26.01.2010 08:47     C:\Windows\Temp\FORE643.tmp --------- 1409  
 26.01.2010 08:47     C:\Windows\Temp\TTRE642.tmp --------- 5484  
 26.01.2010 08:47     C:\Windows\Temp\FORE641.tmp --------- 1409  
 26.01.2010 08:47     C:\Windows\Temp\TTRE631.tmp --------- 9860  
 26.01.2010 08:47     C:\Windows\Temp\FORE4F8.tmp --------- 1409  
 26.01.2010 08:47     C:\Windows\Temp\TTRE4F7.tmp --------- 4644  
 26.01.2010 08:47     C:\Windows\Temp\FORE4D6.tmp --------- 1409  
 26.01.2010 08:47     C:\Windows\Temp\TTRE4D5.tmp --------- 4712  
 14.01.2010 22:17     C:\Windows\Temp\hss2.tmp --------- 3604528  
 09.01.2010 14:13     C:\Windows\Temp\HssInstaller --------- 0  
 30.12.2009 11:48     C:\Windows\Temp\FOR17F2.tmp --------- 1409  
 30.12.2009 11:48     C:\Windows\Temp\TTR17F1.tmp --------- 11612  
 30.12.2009 11:48     C:\Windows\Temp\FOR17F0.tmp --------- 1409  
 30.12.2009 11:48     C:\Windows\Temp\TTR17EF.tmp --------- 13028  
 30.12.2009 11:47     C:\Windows\Temp\FOR9131.tmp --------- 1409  
 30.12.2009 11:47     C:\Windows\Temp\TTR9130.tmp --------- 11612  
 30.12.2009 11:47     C:\Windows\Temp\FOR911F.tmp --------- 1409  
 30.12.2009 11:47     C:\Windows\Temp\TTR910F.tmp --------- 13028  
 30.12.2009 11:46     C:\Windows\Temp\FOR3E3C.tmp --------- 1409  
 30.12.2009 11:46     C:\Windows\Temp\TTR3E3B.tmp --------- 11612  
 30.12.2009 11:46     C:\Windows\Temp\FOR3E3A.tmp --------- 1409  
 30.12.2009 11:46     C:\Windows\Temp\TTR3E39.tmp --------- 13028  
 14.12.2009 15:18     C:\Windows\Temp\FORB990.tmp --------- 1409  
 14.12.2009 15:18     C:\Windows\Temp\TTRB98F.tmp --------- 26800  
 14.12.2009 15:14     C:\Windows\Temp\dmy803B.tmp --------- 0  
 14.12.2009 15:13     C:\Windows\Temp\dmy6A2C.tmp --------- 0  
 06.12.2009 21:44     C:\Windows\Temp\fwtsqmfile16.sqm --------- 632  
 23.11.2009 21:19     C:\Windows\Temp\FOR815A.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR8159.tmp --------- 4336  
 23.11.2009 21:19     C:\Windows\Temp\FOR8149.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR8148.tmp --------- 4436  
 23.11.2009 21:19     C:\Windows\Temp\FOR8128.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR8127.tmp --------- 4724  
 23.11.2009 21:19     C:\Windows\Temp\FOR8126.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR8125.tmp --------- 4388  
 23.11.2009 21:19     C:\Windows\Temp\FOR8124.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR8123.tmp --------- 5480  
 23.11.2009 21:19     C:\Windows\Temp\FOR8112.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR8111.tmp --------- 9768  
 23.11.2009 21:19     C:\Windows\Temp\FOR8016.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR8015.tmp --------- 4268  
 23.11.2009 21:19     C:\Windows\Temp\FOR8014.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR8013.tmp --------- 4336  
 23.11.2009 21:19     C:\Windows\Temp\FOR8003.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR8002.tmp --------- 4952  
 23.11.2009 21:19     C:\Windows\Temp\FOR7FF1.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR7FF0.tmp --------- 8548  
 23.11.2009 21:19     C:\Windows\Temp\FOR7FE0.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR7FDF.tmp --------- 6544  
 23.11.2009 21:19     C:\Windows\Temp\FOR7FCE.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR7FCD.tmp --------- 4732  
 23.11.2009 21:19     C:\Windows\Temp\FOR7FAD.tmp --------- 1409  
 23.11.2009 21:19     C:\Windows\Temp\TTR7FAC.tmp --------- 20156  
 23.11.2009 16:49     C:\Windows\Temp\dd_dotnetfx35install_lp.txt --------- 67098  
 23.11.2009 16:49     C:\Windows\Temp\uxeventlog.txt --------- 1528  
 23.11.2009 16:49     C:\Windows\Temp\dd_NET_Framework35_LangPack_MSI0268.txt --------- 493002  
 23.11.2009 16:49     C:\Windows\Temp\dd_depcheck_NETFX_EXP_35.txt --------- 35802  
 23.11.2009 16:48     C:\Windows\Temp\dd_dotnetfx35error_lp.txt --------- 2  
 07.11.2009 18:08     C:\Windows\Temp\fwtsqmfile15.sqm --------- 632  
 04.11.2009 23:36     C:\Windows\Temp\fwtsqmfile14.sqm --------- 120  
 04.11.2009 13:12     C:\Windows\Temp\fwtsqmfile13.sqm --------- 120  
 04.11.2009 13:05     C:\Windows\Temp\fwtsqmfile12.sqm --------- 120  
 04.11.2009 13:05     C:\Windows\Temp\fwtsqmfile11.sqm --------- 120  
 04.11.2009 13:05     C:\Windows\Temp\fwtsqmfile10.sqm --------- 120  
 04.11.2009 13:05     C:\Windows\Temp\fwtsqmfile09.sqm --------- 120  
 04.11.2009 13:05     C:\Windows\Temp\fwtsqmfile08.sqm --------- 120  
 04.11.2009 13:05     C:\Windows\Temp\fwtsqmfile07.sqm --------- 120  
 04.11.2009 13:05     C:\Windows\Temp\fwtsqmfile06.sqm --------- 120  
 04.11.2009 13:05     C:\Windows\Temp\fwtsqmfile05.sqm --------- 120  
 04.11.2009 13:04     C:\Windows\Temp\fwtsqmfile04.sqm --------- 120  
 04.11.2009 13:04     C:\Windows\Temp\fwtsqmfile02.sqm --------- 120  
 04.11.2009 13:04     C:\Windows\Temp\fwtsqmfile01.sqm --------- 120  
 04.11.2009 13:04     C:\Windows\Temp\fwtsqmfile00.sqm --------- 120  
 04.11.2009 13:04     C:\Windows\Temp\fwtsqmfile03.sqm --------- 120  
 04.11.2009 13:04     C:\Windows\Temp\fwtsqmfile19.sqm --------- 120  
 03.11.2009 23:28     C:\Windows\Temp\fwtsqmfile18.sqm --------- 120  
 02.11.2009 23:11     C:\Windows\Temp\fwtsqmfile17.sqm --------- 120  
 14.10.2009 13:44     C:\Windows\Temp\RtSigs --------- 0  
 12.10.2009 11:38     C:\Windows\Temp\FORAA81.tmp --------- 1409  
 12.10.2009 11:38     C:\Windows\Temp\TTRAA80.tmp --------- 44268  
 12.10.2009 11:38     C:\Windows\Temp\FORA9B4.tmp --------- 1409  
 12.10.2009 11:38     C:\Windows\Temp\TTRA9B3.tmp --------- 45128  
 13.07.2009 21:04     C:\Windows\Temp\vmware-serverd.log --------- 19396  
 13.07.2009 21:04     C:\Windows\Temp\hsperfdata_TMSL$ --------- 0  
 12.07.2009 16:33     C:\Windows\Temp\vmware-vmount.log --------- 85  
 12.07.2009 11:19     C:\Windows\Temp\vmware-serverd-0.log --------- 19396  
 11.07.2009 22:03     C:\Windows\Temp\vmware-vmount-1.log --------- 85  
 11.07.2009 21:35     C:\Windows\Temp\vmware-serverd-1.log --------- 19397  
 10.07.2009 17:01     C:\Windows\Temp\vmware-vmount-2.log --------- 85  
 10.07.2009 13:44     C:\Windows\Temp\vmware-serverd-2.log --------- 19396  
 06.07.2009 21:04     C:\Windows\Temp\vmware-vmount-3.log --------- 85  
 06.07.2009 20:10     C:\Windows\Temp\vmware-serverd-3.log --------- 19295  
 06.07.2009 19:26     C:\Windows\Temp\vmware-vmount-4.log --------- 85  
 06.07.2009 13:50     C:\Windows\Temp\vmware-serverd-4.log --------- 19396  
 28.06.2009 21:40     C:\Windows\Temp\vmware-vmount-5.log --------- 85  
 28.06.2009 20:29     C:\Windows\Temp\vmware-serverd-5.log --------- 19396  
 28.06.2009 17:25     C:\Windows\Temp\vmware-vmount-6.log --------- 85  
 27.06.2009 23:33     C:\Windows\Temp\vmware-serverd-6.log --------- 19396  
 27.06.2009 15:31     C:\Windows\Temp\vmware-vmount-7.log --------- 85  
 27.06.2009 15:17     C:\Windows\Temp\vmware-serverd-7.log --------- 19396  
 24.06.2009 07:55     C:\Windows\Temp\vmware-vmount-8.log --------- 85  
 23.06.2009 22:34     C:\Windows\Temp\vmware-serverd-8.log --------- 19396  
 23.06.2009 21:40     C:\Windows\Temp\vmware-vmount-9.log --------- 85  
 23.06.2009 21:38     C:\Windows\Temp\vmware-serverd-9.log --------- 19396  
 22.06.2009 11:34     C:\Windows\Temp\vmware-vmount-10.log --------- 85  
 11.06.2009 21:19     C:\Windows\Temp\FOR9A9E.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR9A9D.tmp --------- 4864  
 11.06.2009 21:19     C:\Windows\Temp\FOR9713.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR9712.tmp --------- 8220  
 11.06.2009 21:19     C:\Windows\Temp\FOR9701.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR9700.tmp --------- 6512  
 11.06.2009 21:19     C:\Windows\Temp\FOR96FF.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR96FE.tmp --------- 11484  
 11.06.2009 21:19     C:\Windows\Temp\FOR9671.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR9670.tmp --------- 4616  
 11.06.2009 21:19     C:\Windows\Temp\FOR95C3.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR95C2.tmp --------- 6744  
 11.06.2009 21:19     C:\Windows\Temp\FOR95B2.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\FOR9590.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR95B1.tmp --------- 4692  
 11.06.2009 21:19     C:\Windows\Temp\TTR958F.tmp --------- 10624  
 11.06.2009 21:19     C:\Windows\Temp\FOR957F.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR957E.tmp --------- 5812  
 11.06.2009 21:19     C:\Windows\Temp\FOR9406.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR9405.tmp --------- 9480  
 11.06.2009 21:19     C:\Windows\Temp\TTR93F4.tmp --------- 11624  
 11.06.2009 21:19     C:\Windows\Temp\FOR93F5.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\FOR9338.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR9337.tmp --------- 15780  
 11.06.2009 21:19     C:\Windows\Temp\FOR9336.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR9325.tmp --------- 19992  
 11.06.2009 21:19     C:\Windows\Temp\TTR9323.tmp --------- 6000  
 11.06.2009 21:19     C:\Windows\Temp\FOR9324.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR91CA.tmp --------- 24836  
 11.06.2009 21:19     C:\Windows\Temp\FOR91CB.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\FOR91B9.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR91B8.tmp --------- 9456  
 11.06.2009 21:19     C:\Windows\Temp\FOR91B7.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR91B6.tmp --------- 10472  
 11.06.2009 21:19     C:\Windows\Temp\FOR9186.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR9185.tmp --------- 28292  
 11.06.2009 21:19     C:\Windows\Temp\FOR9184.tmp --------- 1409  
 11.06.2009 21:19     C:\Windows\Temp\TTR9183.tmp --------- 22184  
 08.06.2009 07:01     C:\Windows\Temp\FOR97E.tmp --------- 1409  
 08.06.2009 07:01     C:\Windows\Temp\TTR97D.tmp --------- 4452  
 08.06.2009 07:01     C:\Windows\Temp\FOR95D.tmp --------- 1409  
 08.06.2009 07:01     C:\Windows\Temp\TTR95C.tmp --------- 9364  
 08.06.2009 07:01     C:\Windows\Temp\FOR823.tmp --------- 1409  
 08.06.2009 07:01     C:\Windows\Temp\TTR822.tmp --------- 10584  
 08.06.2009 07:01     C:\Windows\Temp\FOR7D3.tmp --------- 1409  
 08.06.2009 07:01     C:\Windows\Temp\TTR7D2.tmp --------- 9120  
 08.06.2009 07:01     C:\Windows\Temp\FOR7C2.tmp --------- 1409  
 08.06.2009 07:01     C:\Windows\Temp\TTR7C1.tmp --------- 5672  
 08.06.2009 07:01     C:\Windows\Temp\FOR7B0.tmp --------- 1409  
 08.06.2009 07:01     C:\Windows\Temp\TTR7AF.tmp --------- 4952  
 08.06.2009 07:01     C:\Windows\Temp\FOR78F.tmp --------- 1409  
 08.06.2009 07:01     C:\Windows\Temp\TTR78E.tmp --------- 4332  
 08.06.2009 07:01     C:\Windows\Temp\FOR77D.tmp --------- 1409  
 08.06.2009 07:01     C:\Windows\Temp\TTR77C.tmp --------- 11436  
 08.06.2009 07:01     C:\Windows\Temp\FOR74C.tmp --------- 1409  
 08.06.2009 07:01     C:\Windows\Temp\TTR74B.tmp --------- 20380  
 01.06.2009 13:28     C:\Windows\Temp\TTRF97B.tmp --------- 9364  
 01.06.2009 13:28     C:\Windows\Temp\FORF97C.tmp --------- 1409  
 01.06.2009 13:28     C:\Windows\Temp\TTRF860.tmp --------- 10584  
 01.06.2009 13:28     C:\Windows\Temp\FORF85F.tmp --------- 1409  
 01.06.2009 13:28     C:\Windows\Temp\TTRF85E.tmp --------- 5272  
 01.06.2009 13:28     C:\Windows\Temp\FORF861.tmp --------- 1409  
 01.06.2009 13:28     C:\Windows\Temp\FORF84D.tmp --------- 1409  
 01.06.2009 13:28     C:\Windows\Temp\FORF84B.tmp --------- 1409  
 01.06.2009 13:28     C:\Windows\Temp\TTRF84C.tmp --------- 18364  
 01.06.2009 13:28     C:\Windows\Temp\TTRF84A.tmp --------- 5616  
 01.06.2009 13:28     C:\Windows\Temp\FORF83A.tmp --------- 1409  
 01.06.2009 13:28     C:\Windows\Temp\FORF838.tmp --------- 1409  
 01.06.2009 13:28     C:\Windows\Temp\TTRF837.tmp --------- 4628  
 01.06.2009 13:28     C:\Windows\Temp\TTRF839.tmp --------- 5316  
 01.06.2009 13:28     C:\Windows\Temp\TTRF835.tmp --------- 11412  
 01.06.2009 13:28     C:\Windows\Temp\FORF836.tmp --------- 1409  
 01.06.2009 13:28     C:\Windows\Temp\TTRF811.tmp --------- 9312  
 01.06.2009 13:28     C:\Windows\Temp\TTRF813.tmp --------- 20576  
 01.06.2009 13:28     C:\Windows\Temp\FORF812.tmp --------- 1409  
 01.06.2009 13:28     C:\Windows\Temp\FORF814.tmp --------- 1409  
 27.05.2009 08:17     C:\Windows\Temp\ASPNETSetup_00000.log --------- 775  
 26.05.2009 10:29     C:\Windows\Temp\FOR983E.tmp --------- 1409  
 26.05.2009 10:29     C:\Windows\Temp\TTR983D.tmp --------- 121852  
 26.05.2009 10:29     C:\Windows\Temp\FOR981C.tmp --------- 1409  
 26.05.2009 10:29     C:\Windows\Temp\TTR981B.tmp --------- 140808  
 26.05.2009 09:01     C:\Windows\Temp\~msdt --------- 0  
 20.03.2009 09:26     C:\Windows\Temp\Temporary Internet Files --------- 0  
----------------------------------------

 
C:\Users\Tommy\AppData\Local\Temp

 12.12.2011 17:03     C:\Users\Tommy\AppData\Local\Temp\AdobeARM.log --------- 134833  
 12.12.2011 17:03     C:\Users\Tommy\AppData\Local\Temp\WPDNSE --------- 0  
 12.12.2011 17:02     C:\Users\Tommy\AppData\Local\Temp\Tommy.bmp --------- 31832  
 11.12.2011 23:01     C:\Users\Tommy\AppData\Local\Temp\java_install_reg.log --------- 1819  
 11.12.2011 23:02     C:\Users\Tommy\AppData\Local\Temp\hsperfdata_Tommy --------- 0  
 11.12.2011 20:28     C:\Users\Tommy\AppData\Local\Temp\~DFE864.tmp --------- 16384  
 11.12.2011 15:53     C:\Users\Tommy\AppData\Local\Temp\divDF75.tmp --------- 0  
 07.12.2011 17:28     C:\Users\Tommy\AppData\Local\Temp\svl7j.tmp --------- 28663  
 07.12.2011 17:24     C:\Users\Tommy\AppData\Local\Temp\tmp59710715 --------- 0  
 07.12.2011 16:54     C:\Users\Tommy\AppData\Local\Temp\divDC88.tmp --------- 0  
 30.11.2011 18:04     C:\Users\Tommy\AppData\Local\Temp\Koala.log --------- 167306  
 30.11.2011 17:45     C:\Users\Tommy\AppData\Local\Temp\Koala.log.1 --------- 54833  
 30.11.2011 16:37     C:\Users\Tommy\AppData\Local\Temp\fontconfig --------- 0  
 30.11.2011 16:30     C:\Users\Tommy\AppData\Local\Temp\SkypeSetup.exe --------- 23803016  
 30.11.2011 11:07     C:\Users\Tommy\AppData\Local\Temp\divD87.tmp --------- 0  
 27.11.2011 22:50     C:\Users\Tommy\AppData\Local\Temp\divEC31.tmp --------- 0  
 27.11.2011 15:42     C:\Users\Tommy\AppData\Local\Temp\~DFD1CB.tmp --------- 16384  
 27.11.2011 13:18     C:\Users\Tommy\AppData\Local\Temp\scoped_dir26348 --------- 0  
 27.11.2011 13:17     C:\Users\Tommy\AppData\Local\Temp\scoped_dir26191 --------- 0  
 27.11.2011 13:17     C:\Users\Tommy\AppData\Local\Temp\scoped_dir30973 --------- 0  
 27.11.2011 10:36     C:\Users\Tommy\AppData\Local\Temp\divDA85.tmp --------- 0  
 26.11.2011 21:04     C:\Users\Tommy\AppData\Local\Temp\divD863.tmp --------- 0  
 25.11.2011 17:47     C:\Users\Tommy\AppData\Local\Temp\divE06F.tmp --------- 0  
 23.11.2011 18:32     C:\Users\Tommy\AppData\Local\Temp\div14D7.tmp --------- 0  
 22.11.2011 15:45     C:\Users\Tommy\AppData\Local\Temp\svf41.tmp --------- 28663  
 22.11.2011 15:44     C:\Users\Tommy\AppData\Local\Temp\divD855.tmp --------- 0  
 21.11.2011 20:21     C:\Users\Tommy\AppData\Local\Temp\div29E.tmp --------- 0  
 21.11.2011 20:21     C:\Users\Tommy\AppData\Local\Temp\1851.dir --------- 0  
 21.11.2011 20:20     C:\Users\Tommy\AppData\Local\Temp\1851.tmp --------- 0  
 20.11.2011 22:14     C:\Users\Tommy\AppData\Local\Temp\scoped_dir24093 --------- 0  
 20.11.2011 22:13     C:\Users\Tommy\AppData\Local\Temp\scoped_dir23976 --------- 0  
 20.11.2011 22:13     C:\Users\Tommy\AppData\Local\Temp\scoped_dir7529 --------- 0  
 20.11.2011 18:16     C:\Users\Tommy\AppData\Local\Temp\div4E00.tmp --------- 0  
 16.11.2011 19:14     C:\Users\Tommy\AppData\Local\Temp\scoped_dir7137 --------- 0  
 16.11.2011 19:14     C:\Users\Tommy\AppData\Local\Temp\scoped_dir5693 --------- 0  
 16.11.2011 19:14     C:\Users\Tommy\AppData\Local\Temp\scoped_dir7039 --------- 0  
 16.11.2011 18:37     C:\Users\Tommy\AppData\Local\Temp\MemCrash20111116183737.bin --------- 0  
 16.11.2011 17:27     C:\Users\Tommy\AppData\Local\Temp\div74E1.tmp --------- 0  
 14.11.2011 18:16     C:\Users\Tommy\AppData\Local\Temp\scoped_dir21285 --------- 0  
 14.11.2011 18:15     C:\Users\Tommy\AppData\Local\Temp\scoped_dir23816 --------- 0  
 14.11.2011 18:15     C:\Users\Tommy\AppData\Local\Temp\scoped_dir21148 --------- 0  
 14.11.2011 18:15     C:\Users\Tommy\AppData\Local\Temp\div5002.tmp --------- 0  
 14.11.2011 16:14     C:\Users\Tommy\AppData\Local\Temp\scoped_dir30172 --------- 0  
 14.11.2011 16:14     C:\Users\Tommy\AppData\Local\Temp\scoped_dir17267 --------- 0  
 14.11.2011 16:14     C:\Users\Tommy\AppData\Local\Temp\scoped_dir30090 --------- 0  
 14.11.2011 15:25     C:\Users\Tommy\AppData\Local\Temp\div203C.tmp --------- 0  
 14.11.2011 12:13     C:\Users\Tommy\AppData\Local\Temp\svc0c.tmp --------- 28663  
 14.11.2011 11:42     C:\Users\Tommy\AppData\Local\Temp\sv78a.tmp --------- 28663  
 14.11.2011 11:38     C:\Users\Tommy\AppData\Local\Temp\svec4.tmp --------- 28663  
 14.11.2011 10:04     C:\Users\Tommy\AppData\Local\Temp\DDMCache --------- 0  
 14.11.2011 10:03     C:\Users\Tommy\AppData\Local\Temp\divFF92.tmp --------- 0  
 14.11.2011 10:01     C:\Users\Tommy\AppData\Local\Temp\divA591.tmp --------- 0  
 12.11.2011 22:33     C:\Users\Tommy\AppData\Local\Temp\scoped_dir31545 --------- 0  
 12.11.2011 22:32     C:\Users\Tommy\AppData\Local\Temp\scoped_dir26265 --------- 0  
 12.11.2011 22:32     C:\Users\Tommy\AppData\Local\Temp\scoped_dir31421 --------- 0  
 12.11.2011 22:11     C:\Users\Tommy\AppData\Local\Temp\CFGF8A1.tmp --------- 123  
 12.11.2011 21:15     C:\Users\Tommy\AppData\Local\Temp\divFBEA.tmp --------- 0  
 09.11.2011 22:30     C:\Users\Tommy\AppData\Local\Temp\scoped_dir3817 --------- 0  
 09.11.2011 22:28     C:\Users\Tommy\AppData\Local\Temp\scoped_dir1058 --------- 0  
 09.11.2011 22:28     C:\Users\Tommy\AppData\Local\Temp\scoped_dir3484 --------- 0  
 09.11.2011 21:55     C:\Users\Tommy\AppData\Local\Temp\div6640.tmp --------- 0  
 09.11.2011 09:13     C:\Users\Tommy\AppData\Local\Temp\divCA02.tmp --------- 0  
 08.11.2011 21:54     C:\Users\Tommy\AppData\Local\Temp\divCE17.tmp --------- 0  
 07.11.2011 18:47     C:\Users\Tommy\AppData\Local\Temp\div38AC.tmp --------- 0  
 07.11.2011 17:27     C:\Users\Tommy\AppData\Local\Temp\svelm.tmp --------- 28663  
 07.11.2011 17:22     C:\Users\Tommy\AppData\Local\Temp\svoik.tmp --------- 28663  
 07.11.2011 17:19     C:\Users\Tommy\AppData\Local\Temp\scoped_dir1214 --------- 0  
 07.11.2011 17:18     C:\Users\Tommy\AppData\Local\Temp\scoped_dir28897 --------- 0  
 07.11.2011 17:18     C:\Users\Tommy\AppData\Local\Temp\scoped_dir1054 --------- 0  
 06.11.2011 19:22     C:\Users\Tommy\AppData\Local\Temp\~DF3462.tmp --------- 16384  
 06.11.2011 19:17     C:\Users\Tommy\AppData\Local\Temp\divD4FA.tmp --------- 0  
 06.11.2011 11:46     C:\Users\Tommy\AppData\Local\Temp\~DF101D.tmp --------- 16384  
 06.11.2011 10:09     C:\Users\Tommy\AppData\Local\Temp\div1B4.tmp --------- 0  
 05.11.2011 17:31     C:\Users\Tommy\AppData\Local\Temp\div1D11.tmp --------- 0  
 05.11.2011 08:00     C:\Users\Tommy\AppData\Local\Temp\divD789.tmp --------- 0  
 04.11.2011 18:45     C:\Users\Tommy\AppData\Local\Temp\scoped_dir23574 --------- 0  
 04.11.2011 18:45     C:\Users\Tommy\AppData\Local\Temp\scoped_dir27365 --------- 0  
 04.11.2011 18:45     C:\Users\Tommy\AppData\Local\Temp\scoped_dir23454 --------- 0  
 04.11.2011 18:29     C:\Users\Tommy\AppData\Local\Temp\divE85B.tmp --------- 0  
 02.11.2011 20:30     C:\Users\Tommy\AppData\Local\Temp\scoped_dir4072 --------- 0  
 02.11.2011 19:41     C:\Users\Tommy\AppData\Local\Temp\div4088.tmp --------- 0  
 02.11.2011 17:21     C:\Users\Tommy\AppData\Local\Temp\scoped_dir32687 --------- 0  
 02.11.2011 17:19     C:\Users\Tommy\AppData\Local\Temp\~DFACBA.tmp --------- 16384  
 02.11.2011 16:36     C:\Users\Tommy\AppData\Local\Temp\div21A3.tmp --------- 0  
 31.10.2011 18:32     C:\Users\Tommy\AppData\Local\Temp\divDE6C.tmp --------- 0  
 31.10.2011 17:19     C:\Users\Tommy\AppData\Local\Temp\~DF34C0.tmp --------- 16384  
 31.10.2011 16:50     C:\Users\Tommy\AppData\Local\Temp\divD854.tmp --------- 0  
 30.10.2011 19:42     C:\Users\Tommy\AppData\Local\Temp\scoped_dir236 --------- 0  
 30.10.2011 19:41     C:\Users\Tommy\AppData\Local\Temp\scoped_dir128 --------- 0  
 30.10.2011 19:41     C:\Users\Tommy\AppData\Local\Temp\scoped_dir1841 --------- 0  
 30.10.2011 19:37     C:\Users\Tommy\AppData\Local\Temp\MemCrash20111030193733.bin --------- 0  
 30.10.2011 18:53     C:\Users\Tommy\AppData\Local\Temp\divF391.tmp --------- 0  
 28.10.2011 15:42     C:\Users\Tommy\AppData\Local\Temp\scoped_dir11567 --------- 0  
 28.10.2011 15:42     C:\Users\Tommy\AppData\Local\Temp\scoped_dir25771 --------- 0  
 28.10.2011 15:42     C:\Users\Tommy\AppData\Local\Temp\scoped_dir11485 --------- 0  
 28.10.2011 15:21     C:\Users\Tommy\AppData\Local\Temp\div60B5.tmp --------- 0  
 28.10.2011 13:39     C:\Users\Tommy\AppData\Local\Temp\scoped_dir20215 --------- 0  
 28.10.2011 12:05     C:\Users\Tommy\AppData\Local\Temp\scoped_dir29466 --------- 0  
 28.10.2011 12:05     C:\Users\Tommy\AppData\Local\Temp\scoped_dir1814 --------- 0  
 28.10.2011 09:31     C:\Users\Tommy\AppData\Local\Temp\svdm3.tmp --------- 28663  
 28.10.2011 09:25     C:\Users\Tommy\AppData\Local\Temp\divDED9.tmp --------- 0  
 27.10.2011 22:17     C:\Users\Tommy\AppData\Local\Temp\divE56E.tmp --------- 0  
 27.10.2011 07:29     C:\Users\Tommy\AppData\Local\Temp\div6C87.tmp --------- 0  
 26.10.2011 19:11     C:\Users\Tommy\AppData\Local\Temp\svn2p.tmp --------- 28663  
 26.10.2011 19:03     C:\Users\Tommy\AppData\Local\Temp\divE2EE.tmp --------- 0  
 24.10.2011 20:46     C:\Users\Tommy\AppData\Local\Temp\divEA1F.tmp --------- 0  
 23.10.2011 22:35     C:\Users\Tommy\AppData\Local\Temp\MemCrash20111023233514.bin --------- 0  
 23.10.2011 18:47     C:\Users\Tommy\AppData\Local\Temp\div23B5.tmp --------- 0  
 23.10.2011 11:31     C:\Users\Tommy\AppData\Local\Temp\plugtmp-6 --------- 0  
 23.10.2011 11:14     C:\Users\Tommy\AppData\Local\Temp\div4B1.tmp --------- 0  
 22.10.2011 19:52     C:\Users\Tommy\AppData\Local\Temp\plugtmp-5 --------- 0  
 22.10.2011 18:34     C:\Users\Tommy\AppData\Local\Temp\div86FA.tmp --------- 0  
 22.10.2011 09:08     C:\Users\Tommy\AppData\Local\Temp\div5D6B.tmp --------- 0  
 21.10.2011 20:30     C:\Users\Tommy\AppData\Local\Temp\div2BB1.tmp --------- 0  
 21.10.2011 16:22     C:\Users\Tommy\AppData\Local\Temp\divE39A.tmp --------- 0  
 20.10.2011 14:23     C:\Users\Tommy\AppData\Local\Temp\divB144.tmp --------- 0  
 19.10.2011 18:55     C:\Users\Tommy\AppData\Local\Temp\scoped_dir394 --------- 0  
 19.10.2011 18:55     C:\Users\Tommy\AppData\Local\Temp\scoped_dir17889 --------- 0  
 19.10.2011 18:55     C:\Users\Tommy\AppData\Local\Temp\scoped_dir315 --------- 0  
 19.10.2011 18:26     C:\Users\Tommy\AppData\Local\Temp\div4BCE.tmp --------- 0  
 18.10.2011 19:30     C:\Users\Tommy\AppData\Local\Temp\divE38A.tmp --------- 0  
 18.10.2011 16:27     C:\Users\Tommy\AppData\Local\Temp\scoped_dir16965 --------- 0  
 18.10.2011 15:44     C:\Users\Tommy\AppData\Local\Temp\scoped_dir8553 --------- 0  
 18.10.2011 15:44     C:\Users\Tommy\AppData\Local\Temp\scoped_dir8435 --------- 0  
 18.10.2011 15:44     C:\Users\Tommy\AppData\Local\Temp\scoped_dir8432 --------- 0  
 18.10.2011 15:41     C:\Users\Tommy\AppData\Local\Temp\APNLogs --------- 0  
 18.10.2011 15:41     C:\Users\Tommy\AppData\Local\Temp\AskSLib.dll --------- 246440  
 18.10.2011 15:41     C:\Users\Tommy\AppData\Local\Temp\APN-Stub --------- 0  
 18.10.2011 15:41     C:\Users\Tommy\AppData\Local\Temp\AppRemover_Log.txt --------- 6397  
 18.10.2011 15:40     C:\Users\Tommy\AppData\Local\Temp\E57E.dir --------- 0  
 18.10.2011 15:40     C:\Users\Tommy\AppData\Local\Temp\divC3EB.tmp --------- 0  
 18.10.2011 15:40     C:\Users\Tommy\AppData\Local\Temp\E57E.tmp --------- 0  
 18.10.2011 15:37     C:\Users\Tommy\AppData\Local\Temp\RarSFX0 --------- 49152  
 18.10.2011 15:36     C:\Users\Tommy\AppData\Local\Temp\~DF3F59.tmp --------- 81920  
 18.10.2011 15:35     C:\Users\Tommy\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20111018_163528991.html --------- 75254  
 18.10.2011 15:35     C:\Users\Tommy\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20111018_163528991-MSI_vc_red.msi.txt --------- 755678  
 18.10.2011 15:35     C:\Users\Tommy\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219 --------- 0  
 18.10.2011 15:32     C:\Users\Tommy\AppData\Local\Temp\divC3EA.tmp --------- 0  
 17.10.2011 19:28     C:\Users\Tommy\AppData\Local\Temp\divCFCC.tmp --------- 0  
 16.10.2011 21:18     C:\Users\Tommy\AppData\Local\Temp\~DFFC5C.tmp --------- 32768  
 16.10.2011 20:52     C:\Users\Tommy\AppData\Local\Temp\scoped_dir28880 --------- 0  
 16.10.2011 20:52     C:\Users\Tommy\AppData\Local\Temp\scoped_dir30661 --------- 0  
 16.10.2011 20:52     C:\Users\Tommy\AppData\Local\Temp\scoped_dir28792 --------- 0  
 16.10.2011 20:45     C:\Users\Tommy\AppData\Local\Temp\divDDD0.tmp --------- 0  
 15.10.2011 20:43     C:\Users\Tommy\AppData\Local\Temp\dd_dotnetfx35install.txt --------- 113916  
 15.10.2011 20:43     C:\Users\Tommy\AppData\Local\Temp\uxeventlog.txt --------- 1674  
 15.10.2011 20:43     C:\Users\Tommy\AppData\Local\Temp\dd_depcheck_NETFX_EXP_35.txt --------- 174078  
 15.10.2011 20:42     C:\Users\Tommy\AppData\Local\Temp\dd_dotnetfx35error.txt --------- 2  
 15.10.2011 20:36     C:\Users\Tommy\AppData\Local\Temp\scoped_dir5763 --------- 0  
 15.10.2011 20:36     C:\Users\Tommy\AppData\Local\Temp\scoped_dir2512 --------- 0  
 15.10.2011 20:36     C:\Users\Tommy\AppData\Local\Temp\scoped_dir5721 --------- 0  
 15.10.2011 19:21     C:\Users\Tommy\AppData\Local\Temp\div9A89.tmp --------- 0  
 15.10.2011 18:08     C:\Users\Tommy\AppData\Local\Temp\scoped_dir9409 --------- 0  
 15.10.2011 10:32     C:\Users\Tommy\AppData\Local\Temp\divD400.tmp --------- 0  
 14.10.2011 20:31     C:\Users\Tommy\AppData\Local\Temp\plugtmp-4 --------- 0  
 14.10.2011 20:16     C:\Users\Tommy\AppData\Local\Temp\~DFB999.tmp --------- 49152  
 14.10.2011 14:56     C:\Users\Tommy\AppData\Local\Temp\div14C7.tmp --------- 0  
 14.10.2011 07:08     C:\Users\Tommy\AppData\Local\Temp\divCB2A.tmp --------- 0  
 13.10.2011 19:47     C:\Users\Tommy\AppData\Local\Temp\div64F9.tmp --------- 0  
 13.10.2011 07:21     C:\Users\Tommy\AppData\Local\Temp\divC11C.tmp --------- 0  
 12.10.2011 20:11     C:\Users\Tommy\AppData\Local\Temp\plugtmp-3 --------- 0  
 12.10.2011 19:04     C:\Users\Tommy\AppData\Local\Temp\divE187.tmp --------- 0  
 12.10.2011 17:36     C:\Users\Tommy\AppData\Local\Temp\~DF1A88.tmp --------- 16384  
 12.10.2011 07:29     C:\Users\Tommy\AppData\Local\Temp\divC1F7.tmp --------- 0  
 11.10.2011 17:02     C:\Users\Tommy\AppData\Local\Temp\divDFB3.tmp --------- 0  
 10.10.2011 18:26     C:\Users\Tommy\AppData\Local\Temp\divE11A.tmp --------- 0  
 09.10.2011 18:50     C:\Users\Tommy\AppData\Local\Temp\divE159.tmp --------- 0  
 09.10.2011 09:30     C:\Users\Tommy\AppData\Local\Temp\div96A3.tmp --------- 0  
 08.10.2011 17:46     C:\Users\Tommy\AppData\Local\Temp\divC4C4.tmp --------- 0  
 08.10.2011 10:13     C:\Users\Tommy\AppData\Local\Temp\divC409.tmp --------- 0  
 07.10.2011 19:32     C:\Users\Tommy\AppData\Local\Temp\plugtmp-2 --------- 0  
 07.10.2011 18:47     C:\Users\Tommy\AppData\Local\Temp\~DFE649.tmp --------- 16384  
 07.10.2011 16:50     C:\Users\Tommy\AppData\Local\Temp\VWL.exe --------- 572288  
 07.10.2011 16:30     C:\Users\Tommy\AppData\Local\Temp\divE10B.tmp --------- 0  
 06.10.2011 14:43     C:\Users\Tommy\AppData\Local\Temp\AdobeARM_NotLocked.log --------- 801  
 06.10.2011 14:42     C:\Users\Tommy\AppData\Local\Temp\divDC69.tmp --------- 0  
 05.10.2011 20:28     C:\Users\Tommy\AppData\Local\Temp\BTN%Copy%1 --------- 0  
 05.10.2011 20:02     C:\Users\Tommy\AppData\Local\Temp\scoped_dir28476 --------- 0  
 05.10.2011 20:00     C:\Users\Tommy\AppData\Local\Temp\div9E7F.tmp --------- 0  
 04.10.2011 22:09     C:\Users\Tommy\AppData\Local\Temp\svemo.tmp --------- 28663  
 04.10.2011 21:50     C:\Users\Tommy\AppData\Local\Temp\div253B.tmp --------- 0  
 03.10.2011 19:03     C:\Users\Tommy\AppData\Local\Temp\5gxHh0eA.htm.part --------- 0  
 03.10.2011 17:44     C:\Users\Tommy\AppData\Local\Temp\divDEBA.tmp --------- 0  
 03.10.2011 11:37     C:\Users\Tommy\AppData\Local\Temp\div4A68.tmp --------- 0  
 03.10.2011 11:37     C:\Users\Tommy\AppData\Local\Temp\div4672.tmp --------- 0  
 03.10.2011 11:27     C:\Users\Tommy\AppData\Local\Temp\plugtmp-1 --------- 0  
 03.10.2011 11:09     C:\Users\Tommy\AppData\Local\Temp\Low --------- 0  
 30.09.2011 21:49     C:\Users\Tommy\AppData\Local\Temp\divC457.tmp --------- 0  
 29.09.2011 16:18     C:\Users\Tommy\AppData\Local\Temp\divC2F0.tmp --------- 0  
 28.09.2011 22:16     C:\Users\Tommy\AppData\Local\Temp\divCF5F.tmp --------- 0  
 28.09.2011 18:44     C:\Users\Tommy\AppData\Local\Temp\divF768.tmp --------- 0  
 28.09.2011 15:32     C:\Users\Tommy\AppData\Local\Temp\8066.dir --------- 0  
 28.09.2011 15:32     C:\Users\Tommy\AppData\Local\Temp\8066.tmp --------- 0  
 28.09.2011 15:31     C:\Users\Tommy\AppData\Local\Temp\div10E1.tmp --------- 0  
 26.09.2011 15:53     C:\Users\Tommy\AppData\Local\Temp\div7F6B.tmp --------- 0  
 26.09.2011 07:45     C:\Users\Tommy\AppData\Local\Temp\divC7E0.tmp --------- 0  
 25.09.2011 18:47     C:\Users\Tommy\AppData\Local\Temp\divE3F7.tmp --------- 0  
 23.09.2011 14:29     C:\Users\Tommy\AppData\Local\Temp\divD8E0.tmp --------- 0  
 22.09.2011 08:02     C:\Users\Tommy\AppData\Local\Temp\scoped_dir20547 --------- 0  
 22.09.2011 08:02     C:\Users\Tommy\AppData\Local\Temp\scoped_dir20456 --------- 0  
 22.09.2011 08:02     C:\Users\Tommy\AppData\Local\Temp\scoped_dir1692 --------- 0  
 22.09.2011 07:58     C:\Users\Tommy\AppData\Local\Temp\~DFC495.tmp --------- 16384  
 22.09.2011 07:56     C:\Users\Tommy\AppData\Local\Temp\divE520.tmp --------- 0  
 21.09.2011 15:55     C:\Users\Tommy\AppData\Local\Temp\~DFECF2.tmp --------- 16384  
 21.09.2011 15:16     C:\Users\Tommy\AppData\Local\Temp\divDA76.tmp --------- 0  
 19.09.2011 16:37     C:\Users\Tommy\AppData\Local\Temp\div76A5.tmp --------- 0  
 15.09.2011 07:49     C:\Users\Tommy\AppData\Local\Temp\divF131.tmp --------- 0  
 11.09.2011 20:14     C:\Users\Tommy\AppData\Local\Temp\History --------- 0  
 11.09.2011 20:14     C:\Users\Tommy\AppData\Local\Temp\Cookies --------- 0  
 11.09.2011 20:14     C:\Users\Tommy\AppData\Local\Temp\Temporary Internet Files --------- 0  
 11.09.2011 20:13     C:\Users\Tommy\AppData\Local\Temp\Adobe --------- 0  
 11.09.2011 20:03     C:\Users\Tommy\AppData\Local\Temp\divBFD5.tmp --------- 0  
 11.09.2011 08:12     C:\Users\Tommy\AppData\Local\Temp\plugtmp --------- 0  
 11.09.2011 07:57     C:\Users\Tommy\AppData\Local\Temp\divCEE2.tmp --------- 0  
 10.09.2011 10:23     C:\Users\Tommy\AppData\Local\Temp\divD24B.tmp --------- 0  
 10.09.2011 10:23     C:\Users\Tommy\AppData\Local\Temp\Log --------- 0  
 29.07.2011 22:36     C:\Users\Tommy\AppData\Local\Temp\DivXSetup.exe --------- 920576  
 22.05.2011 10:22     C:\Users\Tommy\AppData\Local\Temp\PDFCreator --------- 0  
----------------------------------------

 
C:\Program Files

 11.12.2011 21:04     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 07.12.2011 18:29     C:\Program Files\Opera --------- 8192  
 14.11.2011 16:12     C:\Program Files\Common Files --------- 8192  
 14.11.2011 10:03     C:\Program Files\DivX --------- 4096  
 18.10.2011 15:42     C:\Program Files\Avira --------- 0  
 12.10.2011 20:49     C:\Program Files\Internet Explorer --------- 4096  
 12.10.2011 07:51     C:\Program Files\Mozilla Firefox --------- 32768  
 07.10.2011 16:52     C:\Program Files\Sophos --------- 0  
 15.07.2011 14:20     C:\Program Files\Adobe --------- 0  
 03.07.2011 22:16     C:\Program Files\Windows Portable Devices --------- 0  
 22.05.2011 10:21     C:\Program Files\PDFCreator --------- 4096  
 26.04.2011 08:47     C:\Program Files\InstallShield Installation Information --------- 8192  
 16.04.2011 11:07     C:\Program Files\ElsterFormular --------- 4096  
 15.04.2011 21:23     C:\Program Files\Hotspot Shield --------- 4096  
 29.03.2011 12:55     C:\Program Files\LOLReplay --------- 0  
 29.03.2011 08:39     C:\Program Files\No23 Recorder --------- 4096  
 23.03.2011 21:58     C:\Program Files\Nmap --------- 8192  
 23.03.2011 21:58     C:\Program Files\WinPcap --------- 0  
 23.03.2011 19:14     C:\Program Files\PixiePack Codec Pack --------- 0  
 13.03.2011 10:51     C:\Program Files\Pando Networks --------- 0  
 27.02.2011 17:11     C:\Program Files\CodeBlocks --------- 4096  
 24.02.2011 12:24     C:\Program Files\Maple 14 --------- 4096  
 18.02.2011 23:51     C:\Program Files\Java --------- 4096  
 18.02.2011 16:15     C:\Program Files\NVIDIA Corporation --------- 4096  
 15.12.2010 11:16     C:\Program Files\Windows Mail --------- 4096  
 17.11.2010 10:11     C:\Program Files\FreePDF_XP --------- 0  
 27.10.2010 17:17     C:\Program Files\Microsoft XNA --------- 0  
 23.10.2010 20:18     C:\Program Files\RayV --------- 0  
 18.10.2010 09:34     C:\Program Files\Recuva --------- 0  
 17.10.2010 18:43     C:\Program Files\DVDVideoSoft --------- 0  
 13.10.2010 11:21     C:\Program Files\Windows Media Player --------- 4096  
 16.09.2010 19:27     C:\Program Files\Zero G Registry --------- 0  
 09.09.2010 22:43     C:\Program Files\OpenOffice.org 3 --------- 4096  
 11.08.2010 12:00     C:\Program Files\Movie Maker --------- 4096  
 12.06.2010 15:04     C:\Program Files\Livestream Procaster --------- 8192  
 09.06.2010 08:26     C:\Program Files\Auslogics --------- 0  
 29.05.2010 09:41     C:\Program Files\WinDjView --------- 0  
 21.05.2010 19:48     C:\Program Files\TeamViewer --------- 0  
 21.05.2010 19:33     C:\Program Files\Microsoft SharedView --------- 4096  
 08.05.2010 20:04     C:\Program Files\QS --------- 0  
 03.05.2010 22:38     C:\Program Files\Windows Live --------- 4096  
 03.05.2010 22:38     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 01.05.2010 10:42     C:\Program Files\oZone3D --------- 0  
 01.05.2010 10:33     C:\Program Files\CPUID --------- 0  
 17.04.2010 21:36     C:\Program Files\Microsoft --------- 0  
 17.04.2010 21:35     C:\Program Files\Windows Live SkyDrive --------- 0  
 07.04.2010 09:14     C:\Program Files\Microsoft Games for Windows - LIVE --------- 0  
 30.03.2010 08:13     C:\Program Files\IDT --------- 0  
 29.03.2010 20:24     C:\Program Files\Lavalys --------- 0  
 14.02.2010 16:57     C:\Program Files\BOINC --------- 8192  
 10.02.2010 18:14     C:\Program Files\Notepad++ --------- 4096  
 27.01.2010 22:25     C:\Program Files\avertSoftware --------- 0  
 22.10.2009 14:32     C:\Program Files\Microsoft Windows 7 Upgrade Advisor --------- 4096  
 18.10.2009 18:34     C:\Program Files\WIDCOMM --------- 0  
 18.10.2009 18:18     C:\Program Files\Dell --------- 4096  
 10.10.2009 14:14     C:\Program Files\GUI for dvdauthor --------- 8192  
 02.09.2009 10:14     C:\Program Files\Inkscape --------- 20480  
 02.09.2009 08:51     C:\Program Files\GhostScript --------- 0  
 02.09.2009 08:50     C:\Program Files\Ghostview --------- 0  
 08.06.2009 17:53     C:\Program Files\Sierra On-Line --------- 4096  
 08.06.2009 17:04     C:\Program Files\Xvid --------- 4096  
 03.06.2009 18:17     C:\Program Files\Microprose --------- 0  
 27.05.2009 08:11     C:\Program Files\Windows Calendar --------- 0  
 27.05.2009 08:11     C:\Program Files\Windows Sidebar --------- 4096  
 27.05.2009 08:11     C:\Program Files\Windows Collaboration --------- 4096  
 27.05.2009 08:11     C:\Program Files\Windows Photo Gallery --------- 4096  
 27.05.2009 08:11     C:\Program Files\Windows Defender --------- 4096  
 26.05.2009 09:29     C:\Program Files\OO Software --------- 0  
 26.05.2009 08:54     C:\Program Files\Panda Security --------- 0  
 12.04.2009 22:50     C:\Program Files\Astonsoft --------- 0  
 12.04.2009 22:13     C:\Program Files\VMware --------- 4096  
 04.02.2009 13:12     C:\Program Files\7-Zip --------- 4096  
 18.12.2008 17:43     C:\Program Files\OpenOffice.org 2.4 --------- 0  
 19.11.2008 15:22     C:\Program Files\OriginLab --------- 0  
 16.10.2008 17:52     C:\Program Files\Marvell-HP --------- 0  
 16.10.2008 17:51     C:\Program Files\Hewlett-Packard --------- 0  
 20.06.2008 11:56     C:\Program Files\QuickTime --------- 4096  
 17.06.2008 22:08     C:\Program Files\Nortel Networks --------- 4096  
 15.06.2008 21:28     C:\Program Files\Acronis --------- 0  
 12.06.2008 21:24     C:\Program Files\MiKTeX 2.7 --------- 4096  
 08.06.2008 18:43     C:\Program Files\MSXML 4.0 --------- 0  
 07.06.2008 22:47     C:\Program Files\Microsoft Office --------- 0  
 07.06.2008 22:46     C:\Program Files\CyberLink --------- 0  
 07.06.2008 19:22     C:\Program Files\Marvell --------- 0  
 07.06.2008 19:19     C:\Program Files\Intel --------- 0  
 07.06.2008 18:16     C:\Program Files\desktop.ini --------- 174  
 07.06.2008 17:39     C:\Program Files\DellTPad --------- 4096  
 07.06.2008 17:33     C:\Program Files\Protector Suite QL --------- 12288  
 07.06.2008 17:13     C:\Program Files\Windows NT --------- 4096  
 07.06.2008 17:13     C:\Program Files\Gemeinsame Dateien --------- 0  
 02.11.2006 14:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 13:37     C:\Program Files\MSBuild --------- 0  
 02.11.2006 13:37     C:\Program Files\Reference Assemblies --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

Tommy    
Public    
Default    
desktop.ini    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         2.972 K
smss.exe                       536 Services                   0           792 K
csrss.exe                      604 Services                   0         5.252 K
wininit.exe                    660 Services                   0         4.164 K
csrss.exe                      668 Console                    1        13.204 K
services.exe                   704 Services                   0         6.748 K
lsass.exe                      728 Services                   0         9.968 K
lsm.exe                        736 Services                   0         4.076 K
winlogon.exe                   764 Console                    1         5.520 K
svchost.exe                    948 Services                   0         6.648 K
nvvsvc.exe                    1000 Services                   0         4.236 K
svchost.exe                   1028 Services                   0         6.020 K
svchost.exe                   1064 Services                   0        32.820 K
svchost.exe                   1156 Services                   0        10.492 K
svchost.exe                   1196 Services                   0        68.336 K
svchost.exe                   1236 Services                   0       298.356 K
audiodg.exe                   1364 Services                   0        13.940 K
svchost.exe                   1488 Services                   0         4.640 K
SLsvc.exe                     1528 Services                   0        11.268 K
nvvsvc.exe                    1572 Console                    1         8.516 K
svchost.exe                   1612 Services                   0        12.284 K
upeksvr.exe                   1724 Console                    1        10.756 K
svchost.exe                   1744 Services                   0        16.044 K
WLTRYSVC.EXE                  1972 Services                   0         2.752 K
BCMWLTRY.EXE                  1992 Services                   0        18.032 K
spoolsv.exe                    308 Services                   0        10.988 K
wlanext.exe                    388 Services                   0        17.972 K
sched.exe                      408 Services                   0           632 K
svchost.exe                    480 Services                   0        19.684 K
armsvc.exe                    1980 Services                   0         3.476 K
avguard.exe                   1984 Services                   0        34.440 K
svchost.exe                   1752 Services                   0         3.368 K
DevSvc.exe                    1924 Services                   0         9.192 K
EvtEng.exe                     376 Services                   0        15.852 K
openvpnas.exe                  652 Services                   0         5.240 K
hsssrv.exe                    2056 Services                   0         6.548 K
hsswd.exe                     2228 Services                   0         5.580 K
LSSrvc.exe                    2268 Services                   0         3.444 K
NvcRpcSvr.exe                 2308 Services                   0         3.384 K
RegSrvc.exe                   2336 Services                   0         4.252 K
svchost.exe                   2388 Services                   0         6.412 K
avshadow.exe                  3044 Services                   0         5.820 K
taskeng.exe                   3528 Services                   0         5.732 K
dwm.exe                       3592 Console                    1         3.568 K
taskeng.exe                   3620 Console                    1        11.468 K
explorer.exe                  3640 Console                    1        43.432 K
HP2014MC.EXE                  3832 Services                   0         3.352 K
MSASCui.exe                   4060 Console                    1         9.332 K
WLTRAY.EXE                    4084 Console                    1        15.060 K
Apoint.exe                    4092 Console                    1         6.024 K
sttray.exe                    2064 Console                    1        12.004 K
avgnt.exe                     2512 Console                    1         4.776 K
psqltray.exe                  2672 Console                    1        13.616 K
ApMsgFwd.exe                  3332 Console                    1         2.856 K
hidfind.exe                   1420 Console                    1         3.404 K
wmpnscfg.exe                  3424 Console                    1         5.116 K
ApntEx.exe                    2948 Console                    1         3.856 K
RMClock.exe                   3452 Console                    1        11.424 K
opera.exe                     1908 Console                    1       227.264 K
WmiPrvSE.exe                  3712 Services                   0         8.820 K
cmd.exe                       1664 Console                    1         2.976 K
conime.exe                     944 Console                    1         3.384 K
TrustedInstaller.exe          3908 Services                   0         8.440 K
tasklist.exe                  3784 Console                    1         4.680 K

 
***** Ende des Scans 12.12.2011 um 17:06:14,74 ***
         
Many thanks for the quick reply
__________________

Alt 14.12.2011, 11:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please don't just post random logs! I didn't ask for HJTScanlist!

Please also run ESET; after that we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 14.12.2011, 22:36   #5
Olorin
 



Hi, here is the log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7bdb92cc7209bd469c31c94e6831e91b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-14 09:14:57
# local_time=2011-12-14 10:14:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 4942323 4942323 0 0
# compatibility_mode=5892 16776573 100 100 4545 161423947 0 0
# compatibility_mode=8192 67108863 100 0 4017 4017 0 0
# scanned=329404
# found=4
# cleaned=0
# scan_time=6052
C:\Program Files\Hotspot Shield\bin\openvpnas.exe	a variant of Win32/HotSpotShield application (unable to clean)	00000000000000000000000000000000	I
C:\Progs\Hotspot Shield\bin\openvpnas.exe	a variant of Win32/HotSpotShield application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tommy\Desktop\icufa.7z	Win32/Spy.Zbot.YW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Temp\hss_update.exe	a variant of Win32/HotSpotShield application (unable to clean)	00000000000000000000000000000000	I
         
- Icufa.7z is the file (zipped) that originally caught my attention. Antivir did not detect it when I scanned it via right-click "check with Antivir". Five minutes later it reported it. I still wanted to pass that on to Antivir, which is why the file still exists.

- About HSS: I use it and installed it myself. I don't really know why it is in two locations. I also uploaded the files to VirusTotal again; there were 1 and 2 hits out of 42, respectively.

Best regards and many thanks
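
Added example (not part of the thread and not ESET's own tooling): a small Python parser for the log.txt format posted above. It separates the "application" rows from the trojan row and checks the row count against the `found` header. The function names are hypothetical, and reading the "application" suffix as ESET's marker for a potentially unwanted or unsafe application is an assumption.

```python
import re

# Header fields and detection rows copied from the ESET log posted above;
# the log separates the four columns of a detection row with tabs.
_ROWS = [
    (r"C:\Program Files\Hotspot Shield\bin\openvpnas.exe",
     "a variant of Win32/HotSpotShield application (unable to clean)"),
    (r"C:\Progs\Hotspot Shield\bin\openvpnas.exe",
     "a variant of Win32/HotSpotShield application (unable to clean)"),
    (r"C:\Users\Tommy\Desktop\icufa.7z",
     "Win32/Spy.Zbot.YW trojan (unable to clean)"),
    (r"C:\Windows\Temp\hss_update.exe",
     "a variant of Win32/HotSpotShield application (unable to clean)"),
]
SAMPLE_LOG = "\n".join(
    [
        "ESETSmartInstaller@High as downloader log:",
        "all ok",
        "# version=7",
        "# end=finished",
        "# remove_checked=false",
        "# unwanted_checked=true",
        "# compatibility_mode=512 16777215 100 0 0 0 0 0",
        "# compatibility_mode=8192 67108863 100 0 4017 4017 0 0",
        "# scanned=329404",
        "# found=4",
        "# cleaned=0",
    ]
    + ["\t".join((path, threat, "0" * 32, "I")) for path, threat in _ROWS]
)

# "<a variant of >NAME KIND (ACTION)", e.g. "Win32/Spy.Zbot.YW trojan (unable to clean)"
THREAT_RE = re.compile(
    r"^(?P<variant>a variant of )?(?P<name>\S+)\s+(?P<kind>[^()]+?)"
    r"(?:\s+\((?P<action>[^)]*)\))?$"
)


def parse_eset_log(text):
    """Return (header, detections); header maps each key to a list of values
    because keys such as compatibility_mode occur more than once."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header.setdefault(key, []).append(value)
            continue
        fields = line.split("\t")
        # Detection rows start with a drive path; skip preamble like "all ok".
        if len(fields) < 2 or not re.match(r"^[A-Za-z]:\\", fields[0]):
            continue
        m = THREAT_RE.match(fields[1].strip())
        detections.append({
            "path": fields[0],
            "name": m.group("name") if m else fields[1].strip(),
            "kind": m.group("kind") if m else "unknown",
            "variant": bool(m and m.group("variant")),
            "action": m.group("action") if m else None,
        })
    return header, detections


def triage(header, detections):
    """Split detections into unwanted-application hits and everything else,
    and cross-check the rows against the header counters."""
    # Assumption: kind == "application" marks a potentially unwanted/unsafe app.
    pua = [d for d in detections if d["kind"] == "application"]
    # Anything else, including rows that failed to parse, needs a closer look.
    malware = [d for d in detections if d["kind"] != "application"]
    found = int(header.get("found", ["0"])[0])
    cleaned = int(header.get("cleaned", ["0"])[0])
    return {
        "malware": malware,
        "pua": pua,
        "count_matches_header": found == len(detections),
        # cleaned < rows means the scan only reported; the files still exist.
        "files_left_on_disk": cleaned < len(detections),
        "pua_detection_enabled": header.get("unwanted_checked") == ["true"],
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    report = triage(hdr, dets)
    for d in report["malware"]:
        print("REVIEW FIRST:", d["name"], "->", d["path"])
    for d in report["pua"]:
        print("unwanted app:", d["name"], "->", d["path"])
    print("rows match header:", report["count_matches_header"])
    print("files still on disk:", report["files_left_on_disk"])
```
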


Alt 15.12.2011, 11:17   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
__________________

Alt 15.12.2011, 13:06   #7
Olorin
 



OTL Logfile:
Code:
OTL logfile created on: 15.12.2011 12:17:16 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Tommy\Desktop\otl
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 72,01% Memory free
5,36 Gb Paging File | 4,49 Gb Available in Paging File | 83,73% Paging File free
Paging file location(s): d:\pagefile.sys 2024 2024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,01 Gb Total Space | 10,40 Gb Free Space | 20,79% Space Free | Partition Type: NTFS
Drive D: | 93,13 Gb Total Space | 19,55 Gb Free Space | 20,99% Space Free | Partition Type: NTFS
 
Computer Name: TMSL | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tommy\Desktop\otl\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP2014MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gupdate) Google Update Service (gupdate) --  File not found
SRV - (AESTFilters) --  File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (VWL) -- C:\Users\Tommy\AppData\Local\Temp\VWL.exe (Sysinternals - www.sysinternals.com)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (vmserverdWin32) -- C:\Program Files\VMware\VMware Server\vmserverdWin32.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Server\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe (IDT, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vmount2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (NvcRpcServer) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (matlabserver) -- C:\Progs\Matlab\webserver\bin\win32\matlabserver.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HssDrv) -- C:\Windows\System32\drivers\hssdrv.sys (AnchorFree Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Corporate Edition\kerneld.wnt ()
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (UDXTTM6010) -- C:\Windows\System32\drivers\UDXTTM6010.sys ()
DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (vstor2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (Eacfilt) -- C:\Windows\System32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.7
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.adminvip.com/"
FF - prefs.js..network.proxy.http: "94.76.239.95"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Progs\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Progs\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.14 10:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.12 07:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.15 07:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Progs\Thunderbird\components [2011.02.17 14:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Progs\Thunderbird\plugins [2011.09.15 07:57:49 | 000,000,000 | ---D | M]
 
[2011.02.17 14:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions
[2011.02.17 14:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.21 20:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions
[2010.04.29 20:02:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.20 20:25:01 | 000,000,000 | ---D | M] (Aero Fox Silver XL) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2010.04.29 20:02:25 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2011.11.21 20:52:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.14 15:29:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.14 15:29:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.12.20 20:25:12 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com
[2010.12.20 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com\chrome
[2010.12.20 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com\defaults
[2010.12.20 20:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2011.05.16 21:22:51 | 000,005,212 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\0w1774ub.default\searchplugins\ecosia.xml
[2011.02.18 23:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.09.24 12:00:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
[2010.04.19 15:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.02.04 09:09:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.18 23:51:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008.06.17 22:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2011.11.14 10:03:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\TOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W1774UB.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI
[2011.10.12 07:51:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.21 16:45:03 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009.09.25 16:01:26 | 000,071,016 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsharedview.dll
[2011.10.12 07:51:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.12 07:51:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.12 07:51:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.12 07:51:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.12 07:51:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.12 07:51:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RMClock] C:\Progs\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark")
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.2.22.74 141.2.149.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACC3C84-F456-4F14-B5CE-7D7ACF0999E8}: DhcpNameServer = 141.2.22.74 141.2.149.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DA2D11-279B-43DE-ACE2-F1D3DD0A5D22}: NameServer = 10.90.24.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: D:\Daten\Apophysis\fairytreeback.jpg
O24 - Desktop BackupWallPaper: D:\Daten\Apophysis\fairytreeback.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= -  File not found
MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: OODefragTray - hkey= - key= -  File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.uldx - C:\Progs\Ulead DVD MOVIEFACTORY6\Ulead DVD MovieFactory 6\DivX_ul.dll (DivXNetworks, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.14 20:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.14 20:26:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Tommy\Desktop\esetsmartinstaller_enu.exe
[2011.12.12 22:11:20 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\otl
[2011.12.12 17:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.12 17:04:54 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\hjtscanlist
[2011.12.11 21:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.11 21:04:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.30 20:02:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Crayon Physics Deluxe
[2011.11.30 19:58:03 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe
[2011.11.30 19:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crayon Physics Deluxe
[2011.11.30 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\Tommy\.KoalaNext
[2011.11.30 16:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.30 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.15 12:18:34 | 000,621,126 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.15 12:18:34 | 000,589,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.15 12:18:34 | 000,123,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.15 12:18:34 | 000,102,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.15 12:13:08 | 000,175,225 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.15 12:13:08 | 000,175,225 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.15 12:12:44 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.15 12:12:08 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.15 12:12:07 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.15 12:11:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.14 22:38:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.14 21:44:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.14 20:26:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Tommy\Desktop\esetsmartinstaller_enu.exe
[2011.12.14 20:18:09 | 000,317,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.12 18:12:30 | 000,046,563 | ---- | M] () -- C:\Users\Tommy\Desktop\Logs.zip
[2011.12.12 17:21:48 | 000,302,592 | ---- | M] () -- C:\Users\Tommy\Desktop\6iztf7qt.exe
[2011.12.12 17:16:51 | 000,000,020 | ---- | M] () -- C:\Users\Tommy\defogger_reenable
[2011.12.12 17:15:23 | 000,050,477 | ---- | M] () -- C:\Users\Tommy\Desktop\Defogger.exe
[2011.12.11 21:04:10 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.11 16:09:50 | 000,113,677 | ---- | M] () -- C:\Users\Tommy\Desktop\icufa.7z
[2011.12.11 15:43:35 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.07 17:02:49 | 000,097,128 | ---- | M] () -- C:\Users\Tommy\Desktop\testsofpcGR1.pdf
[2011.11.30 17:34:29 | 000,011,992 | ---- | M] () -- C:\Users\Tommy\Desktop\koala.jnlp
[2011.11.30 17:25:58 | 000,355,517 | ---- | M] () -- C:\Users\Tommy\Desktop\chaplin-dark-energy-stars.pdf
[2011.11.30 16:29:58 | 000,131,729 | ---- | M] () -- C:\Users\Tommy\Desktop\isaacspdf.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.12 20:26:33 | 000,116,224 | ---- | C] () -- C:\Users\Tommy\Desktop\pdfcmnnt.dll
[2011.12.12 18:12:30 | 000,046,563 | ---- | C] () -- C:\Users\Tommy\Desktop\Logs.zip
[2011.12.12 17:21:48 | 000,302,592 | ---- | C] () -- C:\Users\Tommy\Desktop\6iztf7qt.exe
[2011.12.12 17:16:41 | 000,000,020 | ---- | C] () -- C:\Users\Tommy\defogger_reenable
[2011.12.12 17:15:23 | 000,050,477 | ---- | C] () -- C:\Users\Tommy\Desktop\Defogger.exe
[2011.12.11 21:04:10 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.11 16:09:50 | 000,113,677 | ---- | C] () -- C:\Users\Tommy\Desktop\icufa.7z
[2011.12.07 17:02:39 | 000,097,128 | ---- | C] () -- C:\Users\Tommy\Desktop\testsofpcGR1.pdf
[2011.11.30 17:46:14 | 000,011,992 | ---- | C] () -- C:\Users\Tommy\Desktop\koala.jnlp
[2011.11.30 17:23:29 | 000,355,517 | ---- | C] () -- C:\Users\Tommy\Desktop\chaplin-dark-energy-stars.pdf
[2011.11.30 16:29:58 | 000,131,729 | ---- | C] () -- C:\Users\Tommy\Desktop\isaacspdf.pdf
[2011.07.05 19:25:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.05.22 10:21:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.01 15:07:09 | 000,000,269 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\rftg
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011.01.22 18:00:29 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2011.01.22 18:00:29 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2011.01.22 18:00:09 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2011.01.22 18:00:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2011.01.22 18:00:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2011.01.22 18:00:09 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010.11.10 10:11:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.11.10 10:11:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.10.17 18:36:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.16 19:27:47 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2010.09.16 19:27:47 | 000,031,744 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2010.09.16 19:27:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2010.02.23 12:07:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.26 08:58:01 | 000,000,078 | ---- | C] () -- C:\Windows\ricdb.ini
[2010.01.20 18:10:59 | 000,007,497 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\gnuplot_history
[2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.30 19:51:32 | 000,596,896 | ---- | C] () -- C:\Windows\System32\drivers\UDXTTM6010.sys
[2009.10.18 18:39:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.09.02 10:47:27 | 000,000,000 | ---- | C] () -- C:\Windows\IMAGETOPDF.INI
[2009.09.02 09:12:05 | 000,139,264 | ---- | C] () -- C:\Windows\gswin32c.exe
[2009.06.08 17:26:48 | 000,000,313 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.06.08 17:04:01 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.06.08 17:04:01 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.27 08:00:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.27 08:00:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.27 07:59:40 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.05.08 22:10:05 | 000,023,888 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\UserTile.png
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.10.30 10:49:34 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
[2008.10.16 17:51:49 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPMLVS.DLL
[2008.10.01 13:05:16 | 000,000,157 | ---- | C] () -- C:\Windows\matlab.ini
[2008.08.07 15:15:24 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2008.07.27 16:43:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.22 07:22:34 | 000,073,728 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.16 19:46:25 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.06.16 18:54:09 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.06.16 18:54:09 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.06.16 18:54:09 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.06.16 18:54:09 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.06.16 18:54:09 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.06.16 18:54:09 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.06.16 18:54:09 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.06.16 18:54:09 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.06.16 18:54:09 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.06.16 18:54:09 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.06.16 18:54:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.06.16 18:54:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.06.16 18:54:09 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.06.16 18:54:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.06.16 18:54:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.06.16 18:54:09 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.06.16 18:54:09 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.06.16 18:54:09 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.06.16 18:54:09 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.06.16 18:40:09 | 000,175,225 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.06.16 18:40:08 | 000,175,225 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.06.07 21:29:31 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008.06.07 20:12:10 | 000,130,155 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\nvModes.001
[2008.06.07 19:58:39 | 000,130,155 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\nvModes.dat
[2008.06.07 17:36:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008.06.07 17:36:07 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008.06.07 17:25:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.06.07 17:15:10 | 000,000,680 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat
[2007.07.25 15:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 16:42:41 | 000,621,126 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:42:41 | 000,123,858 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,317,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,589,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,102,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000073.DLL
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.05.16 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\.minecraft
[2010.06.09 08:27:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Auslogics
[2010.03.20 14:51:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ChessBase
[2011.11.30 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe
[2008.07.31 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools
[2009.04.12 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DeepBurner
[2011.03.06 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\elsterformular
[2011.11.30 21:52:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\foobar2000
[2010.10.21 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Foxit Software
[2011.06.19 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\gtk-2.0
[2011.02.17 13:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\HLSW
[2009.09.02 10:22:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Inkscape
[2011.03.13 18:26:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LolClient
[2010.08.25 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Miranda
[2010.02.10 18:14:35 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Notepad++
[2010.06.07 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Octoshape
[2008.12.18 18:47:06 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org
[2008.06.07 21:17:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Opera
[2008.11.12 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OriginLab
[2009.05.08 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PeerNetworking
[2009.09.02 09:52:06 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PStill
[2011.03.23 21:40:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RapidSolution
[2010.10.23 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RayV
[2011.05.25 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Spotify
[2010.08.30 18:45:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Stardock
[2010.05.08 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TeamViewer
[2009.10.30 19:57:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TerraTec
[2011.02.17 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thunderbird
[2008.10.18 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TMP
[2011.07.03 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TS3Client
[2009.05.26 08:59:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TuneUp Software
[2011.01.22 18:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Ulead Systems
[2009.12.10 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wizards of the Coast
[2009.08.20 09:48:32 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wuala
[2010.10.22 17:02:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\XnView
[2011.12.14 22:38:11 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.16 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\.minecraft
[2011.07.15 14:20:59 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Adobe
[2010.06.09 08:27:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Auslogics
[2011.10.18 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Avira
[2010.03.20 14:51:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ChessBase
[2011.04.18 07:43:51 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\codeblocks
[2011.11.30 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe
[2008.08.17 13:05:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\CyberLink
[2008.07.31 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools
[2009.04.12 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DeepBurner
[2010.05.04 17:33:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DivX
[2011.12.11 16:34:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\dvdcss
[2011.03.06 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\elsterformular
[2011.11.30 21:52:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\foobar2000
[2010.10.21 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Foxit Software
[2011.06.19 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\gtk-2.0
[2008.10.02 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Hamachi
[2011.02.17 13:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\HLSW
[2008.06.07 17:15:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Identities
[2009.09.02 10:22:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Inkscape
[2008.06.07 22:46:10 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\InstallShield
[2008.06.07 19:20:51 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Intel
[2011.03.13 18:26:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LolClient
[2009.11.28 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Macromedia
[2011.05.18 18:52:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Malwarebytes
[2011.02.24 12:48:21 | 000,000,000 | --SD | M] -- C:\Users\Tommy\AppData\Roaming\Microsoft
[2010.08.25 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Miranda
[2010.06.07 17:35:19 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla
[2008.08.17 12:48:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Nero
[2010.02.10 18:14:35 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Notepad++
[2010.06.07 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Octoshape
[2008.12.18 18:47:06 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org
[2008.12.17 18:13:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org2
[2008.06.07 21:17:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Opera
[2008.11.12 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OriginLab
[2009.05.08 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PeerNetworking
[2009.09.02 09:52:06 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PStill
[2011.03.23 21:40:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RapidSolution
[2010.10.23 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RayV
[2010.02.12 18:20:54 | 000,000,000 | RH-D | M] -- C:\Users\Tommy\AppData\Roaming\SecuROM
[2011.12.07 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Skype
[2011.07.15 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\skypePM
[2011.05.25 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Spotify
[2010.08.30 18:45:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Stardock
[2009.09.04 09:40:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\teamspeak2
[2010.05.08 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TeamViewer
[2009.10.30 19:57:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TerraTec
[2011.02.17 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thunderbird
[2008.10.18 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TMP
[2011.07.03 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TS3Client
[2009.05.26 08:59:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TuneUp Software
[2011.01.22 18:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Ulead Systems
[2008.06.27 08:28:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\vlc
[2010.09.28 10:04:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\VMware
[2008.06.15 15:40:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\WinRAR
[2009.12.10 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wizards of the Coast
[2009.08.20 09:48:32 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wuala
[2010.10.22 17:02:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2011.03.21 00:21:52 | 002,533,221 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\c10t-1.7-windows-x86\c10t-1.7\c10t.exe
[2010.10.31 23:02:56 | 000,457,728 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\Cartograph\Cartograph.exe
[2011.04.20 12:21:41 | 000,249,856 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\cartograph_g_2011_04_20_bins\Cartograph_G.exe
[2011.04.04 13:48:22 | 000,852,480 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\cartograph_g_2011_04_20_bins\Cartograph_G_Post_Processor.exe
[2011.04.20 12:22:00 | 000,490,496 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\cartograph_g_2011_04_20_bins\Cartograph_G_Renderer.exe
[2011.01.15 23:18:43 | 000,238,985 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\texturepacks\Bumpmaftv1_5_5\mcpatcher-1.1.11.exe
[2011.07.15 14:20:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Tommy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.04.08 16:07:32 | 000,319,488 | ---- | M] (Octoshape ApS) -- C:\Users\Tommy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2008.06.07 17:18:32 | 000,010,134 | R--- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
[2008.06.07 17:18:32 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Tommy\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
[2009.01.08 14:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2009.08.20 09:48:33 | 000,223,851 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Wuala\Wuala.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.02.22 02:53:17 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.02.22 02:53:17 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.02.22 02:53:17 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[1999.10.02 11:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Progs\Matlab\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll
[2007.03.28 18:49:06 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=6A8C7938BED3472E80FC8D25D6EF87E2 -- C:\Program Files\Protector Suite QL\eventlog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.06 06:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.06 06:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2007.01.06 06:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.18 22:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2007.08.07 14:49:06 | 000,065,536 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll

< End of report >
         
--- --- ---
[/code]

Alt 15.12.2011, 13:45   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACC3C84-F456-4F14-B5CE-7D7ACF0999E8}: DhcpNameServer = 141.2.22.74 141.2.149.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DA2D11-279B-43DE-ACE2-F1D3DD0A5D22}: NameServer = 10.90.24.1
Is this an office computer? Why don't you turn to your colleagues in IT?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 15.12.2011, 13:57   #9
Olorin
 

No, this is not an office computer. I just took it with me to the university today.

Alt 15.12.2011, 15:28   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
SRV - (VWL) -- C:\Users\Tommy\AppData\Local\Temp\VWL.exe (Sysinternals - www.sysinternals.com)
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.autoconfig_url: "http://www.adminvip.com/"
FF - prefs.js..network.proxy.http: "94.76.239.95"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, to be safe, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can cause lasting damage to the system!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

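The `FF - prefs.js..network.proxy.*` lines in the fix above are Firefox proxy preferences stored in the profile's prefs.js. As an added example (not part of the original post and not how OTL works internally), this Python script audits a prefs.js for such entries; the sample file contents, the addresses in it and the `allowed_hosts` parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# One preference per line, as Firefox writes them: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Meaning of network.proxy.type. The host/URL prefs only take effect
# in the matching mode, so a finding can be present but inactive.
PROXY_MODES = {0: "direct", 1: "manual", 2: "pac-url", 4: "wpad", 5: "system"}


def parse_prefs(text):
    """Return {pref_name: value} with strings, booleans and integers decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, raw = m.groups()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # keep unknown literals verbatim
        prefs[name] = value
    return prefs


def audit_proxy(prefs, allowed_hosts=()):
    """List proxy endpoints that are configured but not on the allow list.

    allowed_hosts is a hypothetical parameter: the proxies you expect
    (for example a corporate proxy), compared case-insensitively.
    """
    allowed = {h.lower() for h in allowed_hosts}
    mode = PROXY_MODES.get(prefs.get("network.proxy.type"), "unset")
    findings = []

    # Proxy auto-config (PAC) URL: whoever serves it chooses the proxy.
    pac = prefs.get("network.proxy.autoconfig_url")
    if isinstance(pac, str) and pac:
        host = (urlsplit(pac).hostname or "").lower()
        if host not in allowed:
            findings.append({"pref": "network.proxy.autoconfig_url",
                             "endpoint": pac,
                             "active": mode == "pac-url"})

    # Manually configured proxy hosts with their ports.
    for scheme in ("http", "ssl", "socks"):
        key = "network.proxy." + scheme
        host = prefs.get(key)
        if isinstance(host, str) and host and host.lower() not in allowed:
            port = prefs.get(key + "_port")
            findings.append({"pref": key,
                             "endpoint": f"{host}:{port}" if port else host,
                             "active": mode == "manual"})
    return findings


# Constructed sample, not taken from the affected machine. The addresses
# use the documentation range 192.0.2.0/24 and the reserved .invalid TLD.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.autoconfig_url", "http://pac.example.invalid/");
user_pref("network.proxy.http", "192.0.2.10");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.socks_version", 4);
user_pref("network.proxy.type", 1);
'''

if __name__ == "__main__":
    for finding in audit_proxy(parse_prefs(SAMPLE_PREFS)):
        state = "ACTIVE" if finding["active"] else "present, inactive"
        print(f'{finding["pref"]}: {finding["endpoint"]} ({state})')
```

Run it against a copy of the profile's prefs.js while Firefox is closed, since Firefox rewrites the file on exit.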

15.12.2011, 18:43   #11
Olorin
 



Code:
 All processes killed
========== OTL ==========
Service VWL stopped successfully!
Service VWL deleted successfully!
C:\Users\Tommy\AppData\Local\Temp\VWL.exe moved successfully.
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.adminvip.com/" removed from network.proxy.autoconfig_url
Prefs.js: "94.76.239.95" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.socks_version
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f97bcc9-5f3c-11dd-9202-444553544200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f97bcc9-5f3c-11dd-9202-444553544200}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43e031af-a6a8-11de-8c15-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43e031af-a6a8-11de-8c15-005056c00008}\ not found.
File G:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tommy
->Temp folder emptied: 206525148 bytes
->Temporary Internet Files folder emptied: 6250257 bytes
->Java cache emptied: 73499376 bytes
->FireFox cache emptied: 63800426 bytes
->Opera cache emptied: 125360924 bytes
->Flash cache emptied: 1098483 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 110948904 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 561,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12152011_183343

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

15.12.2011, 19:37   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents over into your post, then please look directly on your Windows system partition; that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

15.12.2011, 22:53   #13
Olorin
 



Code:
 22:50:36.0748 2204	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:50:36.0801 2204	============================================================
22:50:36.0801 2204	Current date / time: 2011/12/15 22:50:36.0801
22:50:36.0801 2204	SystemInfo:
22:50:36.0801 2204	
22:50:36.0801 2204	OS Version: 6.0.6002 ServicePack: 2.0
22:50:36.0801 2204	Product type: Workstation
22:50:36.0801 2204	ComputerName: TMSL
22:50:36.0801 2204	UserName: Tommy
22:50:36.0801 2204	Windows directory: C:\Windows
22:50:36.0801 2204	System windows directory: C:\Windows
22:50:36.0801 2204	Processor architecture: Intel x86
22:50:36.0801 2204	Number of processors: 2
22:50:36.0801 2204	Page size: 0x1000
22:50:36.0801 2204	Boot type: Normal boot
22:50:36.0801 2204	============================================================
22:50:37.0853 2204	Initialize success
22:51:14.0265 3332	============================================================
22:51:14.0265 3332	Scan started
22:51:14.0265 3332	Mode: Manual; SigCheck; TDLFS; 
22:51:14.0265 3332	============================================================
22:51:15.0588 3332	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:51:15.0783 3332	ACPI - ok
22:51:16.0018 3332	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:51:16.0121 3332	adp94xx - ok
22:51:16.0152 3332	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:51:16.0167 3332	adpahci - ok
22:51:16.0199 3332	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:51:16.0214 3332	adpu160m - ok
22:51:16.0339 3332	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:51:16.0355 3332	adpu320 - ok
22:51:16.0481 3332	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:51:16.0546 3332	AFD - ok
22:51:16.0586 3332	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:51:16.0601 3332	agp440 - ok
22:51:16.0641 3332	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:51:16.0656 3332	aic78xx - ok
22:51:16.0716 3332	aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
22:51:16.0731 3332	aliide - ok
22:51:16.0751 3332	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:51:16.0761 3332	amdagp - ok
22:51:16.0786 3332	amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
22:51:16.0801 3332	amdide - ok
22:51:16.0836 3332	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:51:16.0996 3332	AmdK7 - ok
22:51:17.0026 3332	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:51:17.0076 3332	AmdK8 - ok
22:51:17.0126 3332	ApfiltrService  (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:51:17.0216 3332	ApfiltrService - ok
22:51:17.0286 3332	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:51:17.0296 3332	arc - ok
22:51:17.0316 3332	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:51:17.0326 3332	arcsas - ok
22:51:17.0376 3332	ASPI            (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
22:51:17.0396 3332	ASPI ( UnsignedFile.Multi.Generic ) - warning
22:51:17.0396 3332	ASPI - detected UnsignedFile.Multi.Generic (1)
22:51:17.0426 3332	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:51:17.0456 3332	AsyncMac - ok
22:51:17.0476 3332	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:51:17.0486 3332	atapi - ok
22:51:17.0536 3332	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:51:17.0546 3332	avgntflt - ok
22:51:17.0671 3332	avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
22:51:17.0681 3332	avipbb - ok
22:51:17.0731 3332	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:51:17.0741 3332	avkmgr - ok
22:51:17.0786 3332	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:51:17.0816 3332	Beep - ok
22:51:17.0836 3332	blbdrive - ok
22:51:17.0876 3332	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:51:17.0906 3332	bowser - ok
22:51:17.0926 3332	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:51:17.0956 3332	BrFiltLo - ok
22:51:17.0976 3332	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:51:18.0006 3332	BrFiltUp - ok
22:51:18.0036 3332	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:51:18.0076 3332	Brserid - ok
22:51:18.0106 3332	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:51:18.0146 3332	BrSerWdm - ok
22:51:18.0166 3332	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:51:18.0216 3332	BrUsbMdm - ok
22:51:18.0236 3332	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:51:18.0276 3332	BrUsbSer - ok
22:51:18.0326 3332	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
22:51:18.0346 3332	BthEnum - ok
22:51:18.0386 3332	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
22:51:18.0406 3332	BTHMODEM - ok
22:51:18.0426 3332	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:51:18.0456 3332	BthPan - ok
22:51:18.0521 3332	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
22:51:18.0576 3332	BTHPORT - ok
22:51:18.0606 3332	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
22:51:18.0626 3332	BTHUSB - ok
22:51:18.0661 3332	btwaudio        (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
22:51:18.0671 3332	btwaudio - ok
22:51:18.0691 3332	btwavdt         (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
22:51:18.0696 3332	btwavdt - ok
22:51:18.0721 3332	btwrchid        (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
22:51:18.0726 3332	btwrchid - ok
22:51:18.0796 3332	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:51:18.0856 3332	cdfs - ok
22:51:18.0896 3332	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:51:18.0946 3332	cdrom - ok
22:51:18.0976 3332	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:51:19.0046 3332	circlass - ok
22:51:19.0086 3332	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:51:19.0106 3332	CLFS - ok
22:51:19.0166 3332	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:51:19.0213 3332	CmBatt - ok
22:51:19.0244 3332	cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
22:51:19.0244 3332	cmdide - ok
22:51:19.0260 3332	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:51:19.0276 3332	Compbatt - ok
22:51:19.0322 3332	cpuz132         (097a0a4899b759a4f032bd464963b4be) C:\Windows\system32\drivers\cpuz132_x32.sys
22:51:19.0338 3332	cpuz132 ( UnsignedFile.Multi.Generic ) - warning
22:51:19.0338 3332	cpuz132 - detected UnsignedFile.Multi.Generic (1)
22:51:19.0369 3332	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:51:19.0369 3332	crcdisk - ok
22:51:19.0400 3332	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:51:19.0447 3332	Crusoe - ok
22:51:19.0494 3332	CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
22:51:19.0556 3332	CSC - ok
22:51:19.0588 3332	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:51:19.0603 3332	DfsC - ok
22:51:19.0663 3332	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:51:19.0673 3332	disk - ok
22:51:19.0733 3332	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:51:19.0758 3332	drmkaud - ok
22:51:19.0798 3332	DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
22:51:19.0881 3332	DXGKrnl - ok
22:51:19.0943 3332	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:51:20.0021 3332	E1G60 - ok
22:51:20.0068 3332	Eacfilt         (47d1b4dc8da75742f023ae21e0d057a2) C:\Windows\system32\DRIVERS\eacfilt.sys
22:51:20.0083 3332	Eacfilt - ok
22:51:20.0130 3332	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:51:20.0146 3332	Ecache - ok
22:51:20.0193 3332	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:51:20.0208 3332	elxstor - ok
22:51:20.0239 3332	ENTECH          (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
22:51:20.0255 3332	ENTECH - ok
22:51:20.0302 3332	EverestDriver - ok
22:51:20.0349 3332	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:51:20.0369 3332	exfat - ok
22:51:20.0414 3332	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:51:20.0449 3332	fastfat - ok
22:51:20.0494 3332	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:51:20.0544 3332	fdc - ok
22:51:20.0574 3332	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:51:20.0584 3332	FileInfo - ok
22:51:20.0599 3332	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:51:20.0629 3332	Filetrace - ok
22:51:20.0654 3332	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:51:20.0699 3332	flpydisk - ok
22:51:20.0744 3332	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:51:20.0754 3332	FltMgr - ok
22:51:20.0824 3332	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:51:20.0854 3332	Fs_Rec - ok
22:51:20.0894 3332	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:51:20.0899 3332	gagp30kx - ok
22:51:20.0964 3332	hamachi         (85f4e4617dbd603c2202354cedfdf249) C:\Windows\system32\DRIVERS\hamachi.sys
22:51:20.0969 3332	hamachi - ok
22:51:21.0024 3332	hcmon           (c511a1973c0f119d33e08946a46b4b15) C:\Windows\system32\Drivers\hcmon.sys
22:51:21.0024 3332	hcmon ( UnsignedFile.Multi.Generic ) - warning
22:51:21.0024 3332	hcmon - detected UnsignedFile.Multi.Generic (1)
22:51:21.0079 3332	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
22:51:21.0124 3332	HdAudAddService - ok
22:51:21.0214 3332	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:51:21.0249 3332	HDAudBus - ok
22:51:21.0284 3332	HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
22:51:21.0314 3332	HidBth - ok
22:51:21.0349 3332	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:51:21.0404 3332	HidIr - ok
22:51:21.0459 3332	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:51:21.0474 3332	HidUsb - ok
22:51:21.0519 3332	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:51:21.0529 3332	HpCISSs - ok
22:51:21.0584 3332	HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
22:51:21.0594 3332	HssDrv - ok
22:51:21.0679 3332	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:51:21.0734 3332	HTTP - ok
22:51:21.0784 3332	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:51:21.0794 3332	i2omp - ok
22:51:21.0866 3332	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:51:21.0897 3332	i8042prt - ok
22:51:21.0928 3332	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:51:21.0944 3332	iaStorV - ok
22:51:21.0960 3332	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:51:21.0975 3332	iirsp - ok
22:51:22.0006 3332	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:51:22.0022 3332	intelide - ok
22:51:22.0069 3332	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:51:22.0084 3332	intelppm - ok
22:51:22.0162 3332	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:51:22.0178 3332	IpFilterDriver - ok
22:51:22.0209 3332	IpInIp - ok
22:51:22.0256 3332	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:51:22.0303 3332	IPMIDRV - ok
22:51:22.0334 3332	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:51:22.0365 3332	IPNAT - ok
22:51:22.0412 3332	IPSECEXT        (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
22:51:22.0428 3332	IPSECEXT - ok
22:51:22.0443 3332	IPSECSHM        (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
22:51:22.0443 3332	IPSECSHM - ok
22:51:22.0448 3332	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:51:22.0483 3332	IRENUM - ok
22:51:22.0543 3332	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:51:22.0548 3332	isapnp - ok
22:51:22.0593 3332	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:51:22.0608 3332	iScsiPrt - ok
22:51:22.0643 3332	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:51:22.0653 3332	iteatapi - ok
22:51:22.0688 3332	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:51:22.0698 3332	iteraid - ok
22:51:22.0743 3332	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:51:22.0758 3332	kbdclass - ok
22:51:22.0881 3332	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:51:22.0912 3332	kbdhid - ok
22:51:22.0974 3332	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:51:23.0021 3332	KSecDD - ok
22:51:23.0099 3332	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:51:23.0161 3332	lltdio - ok
22:51:23.0224 3332	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:51:23.0239 3332	LSI_FC - ok
22:51:23.0317 3332	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:51:23.0333 3332	LSI_SAS - ok
22:51:23.0380 3332	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:51:23.0395 3332	LSI_SCSI - ok
22:51:23.0427 3332	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:51:23.0473 3332	luafv - ok
22:51:23.0536 3332	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:51:23.0551 3332	megasas - ok
22:51:23.0583 3332	MEMSWEEP2 - ok
22:51:23.0666 3332	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:51:23.0712 3332	Modem - ok
22:51:23.0759 3332	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:51:23.0806 3332	monitor - ok
22:51:23.0837 3332	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:51:23.0853 3332	mouclass - ok
22:51:23.0884 3332	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:51:23.0931 3332	mouhid - ok
22:51:23.0978 3332	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:51:23.0993 3332	MountMgr - ok
22:51:24.0040 3332	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:51:24.0056 3332	mpio - ok
22:51:24.0102 3332	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:51:24.0149 3332	mpsdrv - ok
22:51:24.0196 3332	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:51:24.0212 3332	Mraid35x - ok
22:51:24.0258 3332	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:51:24.0305 3332	MRxDAV - ok
22:51:24.0336 3332	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:51:24.0383 3332	mrxsmb - ok
22:51:24.0433 3332	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:51:24.0463 3332	mrxsmb10 - ok
22:51:24.0493 3332	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:51:24.0513 3332	mrxsmb20 - ok
22:51:24.0563 3332	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
22:51:24.0583 3332	msahci - ok
22:51:24.0628 3332	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:51:24.0648 3332	msdsm - ok
22:51:24.0678 3332	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:51:24.0738 3332	Msfs - ok
22:51:24.0783 3332	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:51:24.0803 3332	msisadrv - ok
22:51:24.0853 3332	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:51:24.0893 3332	MSKSSRV - ok
22:51:24.0933 3332	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:51:24.0973 3332	MSPCLOCK - ok
22:51:24.0993 3332	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:51:25.0043 3332	MSPQM - ok
22:51:25.0083 3332	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:51:25.0093 3332	MsRPC - ok
22:51:25.0133 3332	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:51:25.0143 3332	mssmbios - ok
22:51:25.0183 3332	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:51:25.0213 3332	MSTEE - ok
22:51:25.0263 3332	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:51:25.0273 3332	Mup - ok
22:51:25.0343 3332	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:51:25.0353 3332	NativeWifiP - ok
22:51:25.0443 3332	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:51:25.0453 3332	NDIS - ok
22:51:25.0493 3332	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:51:25.0523 3332	NdisTapi - ok
22:51:25.0553 3332	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:51:25.0573 3332	Ndisuio - ok
22:51:25.0623 3332	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:51:25.0653 3332	NdisWan - ok
22:51:25.0698 3332	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:51:25.0723 3332	NDProxy - ok
22:51:25.0753 3332	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:51:25.0788 3332	NetBIOS - ok
22:51:25.0878 3332	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:51:25.0913 3332	netbt - ok
22:51:26.0273 3332	NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
22:51:26.0618 3332	NETw4v32 - ok
22:51:26.0798 3332	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:51:26.0813 3332	nfrd960 - ok
22:51:26.0998 3332	npf             (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
22:51:27.0008 3332	npf - ok
22:51:27.0088 3332	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:51:27.0118 3332	Npfs - ok
22:51:27.0193 3332	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:51:27.0233 3332	nsiproxy - ok
22:51:27.0283 3332	NSNDIS5 - ok
22:51:27.0418 3332	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:51:27.0523 3332	Ntfs - ok
22:51:27.0588 3332	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:51:27.0638 3332	ntrigdigi - ok
22:51:27.0678 3332	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:51:27.0718 3332	Null - ok
22:51:28.0116 3332	nvlddmkm        (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:51:29.0069 3332	nvlddmkm - ok
22:51:29.0240 3332	nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
22:51:29.0287 3332	nvraid - ok
22:51:29.0303 3332	nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
22:51:29.0334 3332	nvstor - ok
22:51:29.0396 3332	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:51:29.0412 3332	nv_agp - ok
22:51:29.0427 3332	NwlnkFlt - ok
22:51:29.0474 3332	NwlnkFwd - ok
22:51:29.0521 3332	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:51:29.0552 3332	ohci1394 - ok
22:51:29.0572 3332	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:51:29.0632 3332	Parport - ok
22:51:29.0693 3332	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:51:29.0709 3332	partmgr - ok
22:51:29.0740 3332	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:51:29.0803 3332	Parvdm - ok
22:51:29.0849 3332	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:51:29.0865 3332	pci - ok
22:51:29.0912 3332	pciide          (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
22:51:29.0927 3332	pciide - ok
22:51:29.0959 3332	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:51:29.0974 3332	pcmcia - ok
22:51:30.0021 3332	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:51:30.0146 3332	PEAUTH - ok
22:51:30.0177 3332	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:51:30.0208 3332	PptpMiniport - ok
22:51:30.0239 3332	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:51:30.0286 3332	Processor - ok
22:51:30.0349 3332	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:51:30.0395 3332	PSched - ok
22:51:30.0442 3332	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:51:30.0483 3332	ql2300 - ok
22:51:30.0518 3332	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:51:30.0528 3332	ql40xx - ok
22:51:30.0593 3332	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:51:30.0623 3332	QWAVEdrv - ok
22:51:30.0643 3332	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:51:30.0673 3332	RasAcd - ok
22:51:30.0723 3332	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:51:30.0753 3332	Rasl2tp - ok
22:51:30.0813 3332	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:51:30.0848 3332	RasPppoe - ok
22:51:30.0888 3332	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:51:30.0898 3332	RasSstp - ok
22:51:30.0943 3332	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:51:30.0978 3332	rdbss - ok
22:51:31.0035 3332	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:51:31.0066 3332	RDPCDD - ok
22:51:31.0175 3332	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
22:51:31.0206 3332	rdpdr - ok
22:51:31.0237 3332	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:51:31.0284 3332	RDPENCDD - ok
22:51:31.0347 3332	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:51:31.0362 3332	RDPWD - ok
22:51:31.0425 3332	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
22:51:31.0456 3332	RFCOMM - ok
22:51:31.0471 3332	rimmptsk        (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
22:51:31.0518 3332	rimmptsk - ok
22:51:31.0534 3332	rimsptsk        (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:51:31.0549 3332	rimsptsk - ok
22:51:31.0581 3332	rismxdp         (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
22:51:31.0612 3332	rismxdp - ok
22:51:31.0652 3332	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:51:31.0697 3332	rspndr - ok
22:51:31.0812 3332	RTCore32        (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Progs\RMClock\RTCore32.sys
22:51:31.0817 3332	RTCore32 ( UnsignedFile.Multi.Generic ) - warning
22:51:31.0817 3332	RTCore32 - detected UnsignedFile.Multi.Generic (1)
22:51:31.0884 3332	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:51:31.0900 3332	sbp2port - ok
22:51:31.0947 3332	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
22:51:31.0978 3332	sdbus - ok
22:51:32.0025 3332	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:51:32.0087 3332	secdrv - ok
22:51:32.0103 3332	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:51:32.0134 3332	Serenum - ok
22:51:32.0181 3332	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:51:32.0212 3332	Serial - ok
22:51:32.0259 3332	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:51:32.0274 3332	sermouse - ok
22:51:32.0337 3332	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
22:51:32.0352 3332	sffdisk - ok
22:51:32.0383 3332	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
22:51:32.0415 3332	sffp_mmc - ok
22:51:32.0446 3332	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:51:32.0461 3332	sffp_sd - ok
22:51:32.0477 3332	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:51:32.0517 3332	sfloppy - ok
22:51:32.0547 3332	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:51:32.0552 3332	sisagp - ok
22:51:32.0617 3332	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:51:32.0627 3332	SiSRaid2 - ok
22:51:32.0652 3332	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:51:32.0662 3332	SiSRaid4 - ok
22:51:32.0712 3332	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:51:32.0742 3332	Smb - ok
22:51:32.0807 3332	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:51:32.0822 3332	spldr - ok
22:51:32.0887 3332	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
22:51:32.0972 3332	sptd - ok
22:51:33.0022 3332	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:51:33.0047 3332	srv - ok
22:51:33.0077 3332	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:51:33.0092 3332	srv2 - ok
22:51:33.0117 3332	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:51:33.0142 3332	srvnet - ok
22:51:33.0192 3332	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:51:33.0202 3332	ssmdrv - ok
22:51:33.0307 3332	STHDA           (d4ae2486c4290054b8d6f1adc4bad7fd) C:\Windows\system32\drivers\stwrt.sys
22:51:33.0382 3332	STHDA - ok
22:51:33.0417 3332	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:51:33.0432 3332	swenum - ok
22:51:33.0467 3332	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:51:33.0477 3332	Symc8xx - ok
22:51:33.0522 3332	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:51:33.0532 3332	Sym_hi - ok
22:51:33.0577 3332	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:51:33.0582 3332	Sym_u3 - ok
22:51:33.0642 3332	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
22:51:33.0652 3332	taphss - ok
22:51:33.0702 3332	tapvpn          (27a2c318cd28cfb3eb2200fd96af1e58) C:\Windows\system32\DRIVERS\tapvpn.sys
22:51:33.0702 3332	tapvpn ( UnsignedFile.Multi.Generic ) - warning
22:51:33.0702 3332	tapvpn - detected UnsignedFile.Multi.Generic (1)
22:51:33.0862 3332	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:51:33.0972 3332	Tcpip - ok
22:51:34.0032 3332	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:51:34.0102 3332	Tcpip6 - ok
22:51:34.0152 3332	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:51:34.0182 3332	tcpipreg - ok
22:51:34.0252 3332	TcUsb           (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
22:51:34.0292 3332	TcUsb - ok
22:51:34.0342 3332	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:51:34.0382 3332	TDPIPE - ok
22:51:34.0412 3332	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:51:34.0452 3332	TDTCP - ok
22:51:34.0532 3332	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:51:34.0552 3332	tdx - ok
22:51:34.0607 3332	teamviewervpn   (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
22:51:34.0632 3332	teamviewervpn - ok
22:51:34.0662 3332	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:51:34.0682 3332	TermDD - ok
22:51:34.0727 3332	tifsfilter      (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
22:51:34.0747 3332	tifsfilter - ok
22:51:34.0832 3332	timounter       (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys
22:51:34.0892 3332	timounter - ok
22:51:34.0932 3332	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:51:34.0982 3332	tssecsrv - ok
22:51:35.0002 3332	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:51:35.0032 3332	tunmp - ok
22:51:35.0092 3332	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:51:35.0122 3332	tunnel - ok
22:51:35.0162 3332	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:51:35.0172 3332	uagp35 - ok
22:51:35.0262 3332	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:51:35.0302 3332	udfs - ok
22:51:35.0372 3332	UDXTTM6010      (ac426cd0aa0db592a81c9a78a5f4b309) C:\Windows\system32\DRIVERS\UDXTTM6010.sys
22:51:35.0412 3332	UDXTTM6010 - ok
22:51:35.0458 3332	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:51:35.0473 3332	uliagpkx - ok
22:51:35.0504 3332	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:51:35.0520 3332	uliahci - ok
22:51:35.0551 3332	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:51:35.0567 3332	UlSata - ok
22:51:35.0582 3332	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:51:35.0582 3332	ulsata2 - ok
22:51:35.0629 3332	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:51:35.0660 3332	umbus - ok
22:51:35.0723 3332	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:51:35.0738 3332	usbccgp - ok
22:51:35.0785 3332	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:51:35.0816 3332	usbcir - ok
22:51:35.0848 3332	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:51:35.0879 3332	usbehci - ok
22:51:35.0910 3332	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:51:35.0941 3332	usbhub - ok
22:51:35.0988 3332	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:51:36.0050 3332	usbohci - ok
22:51:36.0082 3332	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:51:36.0128 3332	usbprint - ok
22:51:36.0160 3332	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:51:36.0175 3332	usbscan - ok
22:51:36.0238 3332	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:51:36.0269 3332	USBSTOR - ok
22:51:36.0316 3332	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:51:36.0347 3332	usbuhci - ok
22:51:36.0378 3332	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:51:36.0425 3332	usbvideo - ok
22:51:36.0456 3332	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:51:36.0472 3332	vga - ok
22:51:36.0522 3332	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:51:36.0552 3332	VgaSave - ok
22:51:36.0582 3332	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:51:36.0592 3332	viaagp - ok
22:51:36.0677 3332	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:51:36.0727 3332	ViaC7 - ok
22:51:36.0787 3332	viaide          (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
22:51:36.0792 3332	viaide - ok
22:51:36.0869 3332	VMnetAdapter    (fdfd74ab4d0f27b5d062c2a39cbb6d54) C:\Windows\system32\DRIVERS\vmnetadapter.sys
22:51:36.0900 3332	VMnetAdapter - ok
22:51:36.0931 3332	VMnetBridge     (20daa5dcf8b3c9c83574ed8548e01b2a) C:\Windows\system32\DRIVERS\vmnetbridge.sys
22:51:36.0931 3332	VMnetBridge ( UnsignedFile.Multi.Generic ) - warning
22:51:36.0931 3332	VMnetBridge - detected UnsignedFile.Multi.Generic (1)
22:51:36.0978 3332	VMnetuserif     (934294fd78cf78e53c903fb71b1adc40) C:\Windows\system32\drivers\vmnetuserif.sys
22:51:36.0994 3332	VMnetuserif ( UnsignedFile.Multi.Generic ) - warning
22:51:36.0994 3332	VMnetuserif - detected UnsignedFile.Multi.Generic (1)
22:51:37.0041 3332	vmx86           (7947890284ec76d4188a200f9eb0c1f9) C:\Windows\system32\Drivers\vmx86.sys
22:51:37.0041 3332	vmx86 ( UnsignedFile.Multi.Generic ) - warning
22:51:37.0041 3332	vmx86 - detected UnsignedFile.Multi.Generic (1)
22:51:37.0150 3332	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:51:37.0150 3332	volmgr - ok
22:51:37.0259 3332	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:51:37.0306 3332	volmgrx - ok
22:51:37.0368 3332	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:51:37.0399 3332	volsnap - ok
22:51:37.0446 3332	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:51:37.0462 3332	vsmraid - ok
22:51:37.0600 3332	vstor2          (449bf234cae814ba938252364bb4c39d) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
22:51:37.0650 3332	vstor2 - ok
22:51:37.0775 3332	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:51:37.0872 3332	WacomPen - ok
22:51:37.0935 3332	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:51:37.0966 3332	Wanarp - ok
22:51:37.0997 3332	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:51:38.0013 3332	Wanarpv6 - ok
22:51:38.0075 3332	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:51:38.0091 3332	Wd - ok
22:51:38.0215 3332	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:51:38.0247 3332	Wdf01000 - ok
22:51:38.0340 3332	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:51:38.0449 3332	WmiAcpi - ok
22:51:38.0509 3332	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:51:38.0579 3332	WpdUsb - ok
22:51:38.0604 3332	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:51:38.0629 3332	ws2ifsl - ok
22:51:38.0729 3332	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:51:38.0754 3332	WUDFRd - ok
22:51:38.0814 3332	yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
22:51:38.0854 3332	yukonwlh - ok
22:51:38.0904 3332	MBR (0x1B8)     (9b4a5e102a9a4593e7df62a936f27e48) \Device\Harddisk0\DR0
22:51:39.0214 3332	\Device\Harddisk0\DR0 - ok
22:51:39.0249 3332	Boot (0x1200)   (4a5f3d982885f49f926a441bb74211aa) \Device\Harddisk0\DR0\Partition0
22:51:39.0270 3332	\Device\Harddisk0\DR0\Partition0 - ok
22:51:39.0301 3332	Boot (0x1200)   (f6a45319f7aedca0c2797253d65da052) \Device\Harddisk0\DR0\Partition1
22:51:39.0301 3332	\Device\Harddisk0\DR0\Partition1 - ok
22:51:39.0301 3332	============================================================
22:51:39.0301 3332	Scan finished
22:51:39.0301 3332	============================================================
22:51:39.0317 0592	Detected object count: 8
22:51:39.0317 0592	Actual detected object count: 8
22:52:16.0877 0592	ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592	ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:52:16.0877 0592	cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592	cpuz132 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:52:16.0877 0592	hcmon ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592	hcmon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:52:16.0877 0592	RTCore32 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592	RTCore32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:52:16.0877 0592	tapvpn ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592	tapvpn ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:52:16.0877 0592	VMnetBridge ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592	VMnetBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:52:16.0877 0592	VMnetuserif ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592	VMnetuserif ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:52:16.0908 0592	vmx86 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0908 0592	vmx86 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Before you ask:
Code:
 22:52:16.0877 0592	ASPI ( UnsignedFile.Multi.Generic ) - skipped by user

- I can't really place this one right now. VirusTotal has no hits.

22:52:16.0877 0592	cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user

- Probably a leftover from CPU-Z.

22:52:16.0877 0592	hcmon ( UnsignedFile.Multi.Generic ) - skipped by user

- Probably belongs to VMware
 
22:52:16.0877 0592	RTCore32 ( UnsignedFile.Multi.Generic ) - skipped by user

- Belongs to RMClock

22:52:16.0877 0592	tapvpn ( UnsignedFile.Multi.Generic ) - skipped by user

- I can't place this 100%. It could belong to the university's VPN software.

22:52:16.0877 0592	VMnetBridge ( UnsignedFile.Multi.Generic ) - skipped by user

- Probably belongs to VMware

22:52:16.0877 0592	VMnetuserif ( UnsignedFile.Multi.Generic ) - skipped by user

- Probably belongs to VMware

22:52:16.0908 0592	vmx86 ( UnsignedFile.Multi.Generic ) - skipped by user

- Probably belongs to VMware
         
If you like, and if it fits(!), you can also give me more than one step at a time.

Edited by Olorin (15.12.2011 at 23:25)

16.12.2011, 10:22   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages like

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


16.12.2011, 20:01   #15
Olorin
 

Combofix log file:
Code:
ComboFix 11-12-16.01 - Tommy 16.12.2011  18:19:38.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1031.18.3581.2503 [GMT 1:00]
ausgeführt von:: c:\users\Tommy\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Enabled/Updated* {3C92C986-DF22-D3CD-0217-CF53EB6F2CD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Tommy\AppData\Roaming\Wuala
c:\users\Tommy\AppData\Roaming\Wuala\defaultUser
c:\users\Tommy\AppData\Roaming\Wuala\Wuala.exe
c:\windows\IsUn0407.exe
c:\windows\UA000073.DLL
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-16 bis 2011-12-16  ))))))))))))))))))))))))))))))
.
.
2011-12-16 17:25 . 2011-12-16 17:25	--------	d-----w-	c:\users\Tommy\AppData\Local\temp
2011-12-16 17:25 . 2011-12-16 17:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-16 17:11 . 2011-12-16 17:11	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{13871F78-3997-46E5-9440-9A62840E36CA}\offreg.dll
2011-12-16 17:11 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{13871F78-3997-46E5-9440-9A62840E36CA}\mpengine.dll
2011-12-15 22:30 . 2008-06-24 11:45	1414440	----a-w-	c:\windows\system32\ShellManager310E2D762.dll
2011-12-15 17:33 . 2011-12-15 17:33	--------	d-----w-	C:\_OTL
2011-12-14 19:27 . 2011-12-14 19:27	--------	d-----w-	c:\program files\ESET
2011-12-12 16:11 . 2011-12-12 16:11	--------	d-----w-	c:\program files\CCleaner
2011-12-11 20:04 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-30 18:58 . 2011-11-30 19:58	--------	d-----w-	c:\users\Tommy\AppData\Roaming\Crayon Physics Deluxe
2011-11-30 16:40 . 2011-11-30 16:45	--------	d-----w-	c:\users\Tommy\.KoalaNext
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 14:43 . 2011-10-18 14:42	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-12-07 16:23 . 2009-10-06 09:01	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-21 19:21 . 2011-05-16 06:02	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-20 23:26 . 2011-10-20 23:26	94208	----a-w-	c:\windows\system32\dpl100.dll
2011-10-11 13:00 . 2011-10-18 14:42	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-18 14:42	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-09-20 21:02 . 2011-11-08 21:10	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\opera\program\plugins\ssldivx.dll
2011-10-12 06:51 . 2011-05-15 10:55	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 17:59	2953216	----a-w-	c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 17:59	2953216	----a-w-	c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RMClock"="c:\progs\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-14 442460]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 17:46	90112	----a-w-	c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:20	110696	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 13:39	189736	------w-	c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1401606794-160134412-1321032927-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt [x]
R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-04-09 148232]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6A19.tmp [x]
R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
R3 RTCore32;RTCore32;c:\progs\RMClock\RTCore32.sys [2005-05-25 4608]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 UDXTTM6010;Cinergy Hybrid XE BDA service;c:\windows\system32\DRIVERS\UDXTTM6010.sys [2008-03-31 596896]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-31 717296]
R4 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [2009-03-25 1654884]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 NvcRpcServer;Nortel CVC Service;c:\program files\Nortel Networks\NvcRpcSvr.exe [2007-04-09 71176]
S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-04-09 31784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32	8192	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{C5DA2D11-279B-43DE-ACE2-F1D3DD0A5D22}: NameServer = 10.90.24.1
FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\0w1774ub.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NBKeyScan - c:\progs\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-AcronisTimounterMonitor - c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-OODefragTray - c:\windows\system32\oodtray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
AddRemove-Wubi - d:\ubuntu\Uninstall-Kubuntu.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\progs\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Tommy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-16 18:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6A19.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1401606794-160134412-1321032927-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:3f,0c,a6,36,13,e4,68,82,df,12,0b,5f,0d,97,88,49,f1,34,65,0a,65,
   fd,be,07,f0,c5,d0,6b,40,d5,47,74,c5,f2,a5,1d,b1,09,1b,94,97,62,8d,e3,1c,c6,\
"rkeysecu"=hex:97,eb,72,85,c4,53,b4,95,53,a7,f1,72,45,77,cc,40
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2011-12-16  18:27:01
ComboFix-quarantined-files.txt  2011-12-16 17:26
.
Vor Suchlauf: 11 Verzeichnis(se), 12.360.851.456 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.972.466.176 Bytes frei
.
- - End Of File - - 7A89DFAA72C53EB2544F7F4566C905CD
         


I'm just wondering whether it wouldn't be quicker and easier overall if I tried to get an old image running. How many scans are still to come?
